Skip to main content
CVE-2020-35476 CRITICAL POC THREAT Emergency

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection Opentsdb
NVD GitHub
CVSS 3.1
9.8
EPSS
85.3%
CVE-2020-28929 CRITICAL POC Act Now

Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Eps Tse Server 8 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-7781 CRITICAL POC PATCH Act Now

This affects the package connection-tester before 0.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Connection Tester
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-28931 HIGH POC This Week

Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eps Tse Server 8 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26258 HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
7.7
EPSS
82.2%
CVE-2020-35133 HIGH POC This Week

irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Irfanview
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-28458 HIGH POC PATCH This Week

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Datatables Net
NVD GitHub
CVSS 3.1
7.3
EPSS
3.7%
CVE-2020-29607 HIGH POC THREAT This Week

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pluck
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
33.4%
CVE-2020-26259 MEDIUM POC PATCH THREAT This Month

XStream is a Java library to serialize objects to XML and back again. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java Command Injection Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
6.8
EPSS
82.4%
CVE-2020-35469 CRITICAL Act Now

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Terracotta Server Oss
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35468 CRITICAL Act Now

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Streams
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35193 CRITICAL Act Now

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Sonarqube Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-28930 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eps Tse Server 8 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-26273 MEDIUM POC PATCH This Month

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Osquery
NVD GitHub
CVSS 3.1
5.2
EPSS
0.9%
CVE-2020-26274 HIGH PATCH This Week

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Node.js Command Injection Systeminformation
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-7837 HIGH This Week

An issue was discovered in ML Report Program. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Polaris Ml Report
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-25622 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF N Central
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-25618 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection N Central
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-25617 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal N Central
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-25621 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2020-25620 HIGH This Week

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5360 HIGH PATCH This Week

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Bsafe Micro Edition Suite Database Http Server +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-14254 HIGH PATCH This Week

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bigfix Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-29363 HIGH PATCH This Week

An issue was discovered in p11-kit 0.23.6 through 0.23.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption P11 Kit Debian Linux Communications Cloud Native Core Policy
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-29361 HIGH This Week

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow P11 Kit Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-5683 HIGH This Week

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Growi
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-5682 HIGH This Week

Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Growi
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-4904 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-4658 MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4657 MEDIUM This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26198 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4905 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-5359 MEDIUM PATCH This Month

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Bsafe Micro Edition Suite Database Weblogic Server Proxy Plug In
NVD
CVSS 3.1
5.8
EPSS
1.3%
CVE-2020-4908 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4907 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-14248 MEDIUM This Month

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Platform
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-29362 MEDIUM This Month

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure P11 Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-25619 MEDIUM This Month

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure N Central
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-4008 LOW Monitor

The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. Rated low severity (CVSS 3.6). No vendor patch available.

Information Disclosure VMware Apple Carbon Black Cloud
NVD
CVSS 3.1
3.6
EPSS
0.2%
CVE-2020-4906 LOW PATCH Monitor

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy