Skip to main content
CVE-2020-7200 CRITICAL POC THREAT Emergency

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Systems Insight Manager
NVD
CVSS 3.1
9.8
EPSS
81.9%
CVE-2020-20300 CRITICAL POC Act Now

SQL injection vulnerability in the wp_where function in WeiPHP 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Weiphp
NVD GitHub
CVSS 3.1
9.8
EPSS
8.8%
CVE-2020-20298 CRITICAL POC Act Now

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Zzzphp
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-20277 CRITICAL POC PATCH THREAT Act Now

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Uftpd
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
25.2%
CVE-2020-25494 CRITICAL POC THREAT Act Now

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Openserver
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
39.2%
CVE-2020-13519 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-13515 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13514 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13513 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13512 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-27687 HIGH POC This Week

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Thingsboard
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26174 HIGH POC This Week

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Business Workflow
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5803 HIGH POC This Week

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-28052 HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java Karaf Banking Corporate Lending Process Management +17
NVD GitHub
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-13535 HIGH POC This Week

A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Linkmaster
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-20299 HIGH POC This Week

WeiPHP 5.0 does not properly restrict access to pages, related to using POST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Weiphp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26175 MEDIUM POC This Month

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Business Workflow
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-26172 MEDIUM POC This Month

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Business Workflow
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-13518 MEDIUM POC This Month

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Cam
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-13516 MEDIUM POC This Month

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Cam
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-13511 MEDIUM POC This Month

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Cam
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-13510 MEDIUM POC This Month

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Cam
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-13509 MEDIUM POC This Month

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Cam
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-25901 MEDIUM POC This Month

Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Spiceworks
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.1%
CVE-2020-25495 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openserver
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
8.1%
CVE-2020-35479 MEDIUM POC This Month

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-35478 MEDIUM POC This Month

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-35474 MEDIUM POC This Month

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-7203 CRITICAL Act Now

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ilo Amplifier Pack
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-14224 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Notes
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-11974 CRITICAL PATCH Act Now

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2020-20276 CRITICAL PATCH Act Now

An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Uftpd
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-35551 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-35550 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-27780 CRITICAL Act Now

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linux Pam
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-13931 CRITICAL PATCH Act Now

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Tomee
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-13517 MEDIUM POC This Month

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Cam
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-20285 MEDIUM POC This Month

There is a XSS in the user login page in zzcms 2019. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zzcms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-26178 MEDIUM POC This Month

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Business Workflow
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-35477 MEDIUM POC This Month

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-26280 HIGH PATCH This Week

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openslides
NVD GitHub
CVSS 3.1
8.9
EPSS
1.1%
CVE-2020-7201 HIGH This Week

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Storeever Msl2024 Firmware Storeever 1 8 G2 Tape Autoloader Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-27154 HIGH This Week

The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Businesscti Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7838 HIGH This Week

A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stove
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-14232 HIGH This Week

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Notes
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-26177 MEDIUM POC This Month

In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Business Workflow
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-26176 MEDIUM POC This Month

An issue was discovered in tangro Business Workflow before 1.18.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Business Workflow
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26173 MEDIUM POC This Month

An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Business Workflow
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26171 MEDIUM POC This Month

In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Business Workflow
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-27640 HIGH This Week

The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice 6940 Firmware Mivoice 6930 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy