Skip to main content
CVE-2020-28442 CRITICAL POC PATCH Act Now

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Js Data
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-35381 HIGH POC PATCH This Week

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jsonparser Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-35380 HIGH POC PATCH This Week

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-35471 HIGH POC PATCH This Week

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-28072 HIGH POC This Week

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Alumni Management System
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-27777 MEDIUM POC PATCH This Month

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Kernel Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-35416 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpjabbers Appointment Scheduler
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.7%
CVE-2020-23957 MEDIUM POC This Month

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-35396 MEDIUM POC This Month

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Barcodes Generator
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-35395 MEDIUM POC This Month

XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expense Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-28456 MEDIUM POC PATCH This Month

The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS S Cart
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-35467 CRITICAL Act Now

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Docs
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35466 CRITICAL Act Now

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Blackfire Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35464 CRITICAL Act Now

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Cloud Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35463 CRITICAL Act Now

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Dynamic Apm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35462 CRITICAL Act Now

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Coscale Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-27068 CRITICAL PATCH Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-4747 CRITICAL Act Now

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Connect
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-8944 MEDIUM POC PATCH This Month

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Asylo
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-10770 MEDIUM POC PATCH THREAT This Month

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Keycloak
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
69.7%
CVE-2020-29663 CRITICAL PATCH Act Now

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-35121 HIGH This Week

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Database Connector
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25759 HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-25758 HIGH This Week

An issue was discovered on D-Link DSR-250 3.17 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection D-Link Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-25757 HIGH This Week

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsr 150 Firmware Dsr 150N Firmware Dsr 250 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-29481 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29479 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Authentication Bypass Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29569 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Xen +5
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-28457 MEDIUM POC PATCH This Month

This affects the package s-cart/core before 4.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS S Cart
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-0489 HIGH PATCH This Week

In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-35470 HIGH PATCH This Week

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-27054 HIGH PATCH This Week

In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-27052 HIGH PATCH This Week

In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-27051 HIGH PATCH This Week

In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27050 HIGH PATCH This Week

In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27049 HIGH PATCH This Week

In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27048 HIGH PATCH This Week

In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27045 HIGH PATCH This Week

In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27044 HIGH PATCH This Week

In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Google +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-25712 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Heap Overflow X Server Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27030 HIGH This Week

In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0486 HIGH PATCH This Week

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0485 HIGH PATCH This Week

In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-0480 HIGH PATCH This Week

In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0479 HIGH PATCH This Week

In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0478 HIGH PATCH This Week

In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-0475 HIGH This Week

In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8935 HIGH PATCH This Week

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Asylo
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-35122 HIGH This Week

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian SQLi Keysight Database Connector
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-25195 HIGH This Week

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service H0 Ecom100 Firmware H2 Ecom100 Firmware H4 Ecom100 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy