Skip to main content
CVE-2020-13519 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-13515 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13514 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13513 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13512 HIGH POC This Week

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cam
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-27687 HIGH POC This Week

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Thingsboard
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-26174 HIGH POC This Week

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Business Workflow
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-5803 HIGH POC This Week

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Qconvergeconsole
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-28052 HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java Karaf Banking Corporate Lending Process Management +17
NVD GitHub
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-13535 HIGH POC This Week

A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Linkmaster
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-20299 HIGH POC This Week

WeiPHP 5.0 does not properly restrict access to pages, related to using POST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Weiphp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26280 HIGH PATCH This Week

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openslides
NVD GitHub
CVSS 3.1
8.9
EPSS
1.1%
CVE-2020-7201 HIGH This Week

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Storeever Msl2024 Firmware Storeever 1 8 G2 Tape Autoloader Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-27154 HIGH This Week

The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Businesscti Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7838 HIGH This Week

A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stove
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-14232 HIGH This Week

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Notes
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-27640 HIGH This Week

The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice 6940 Firmware Mivoice 6930 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-27639 HIGH This Week

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 6873I Sip Firmware 6930 Sip Firmware 6940 Sip Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2020-35555 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 10 software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-35554 HIGH This Week

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-35553 HIGH This Week

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Qualcomm Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-35475 HIGH This Week

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25608 HIGH This Week

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Micollab
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-27781 HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy