Skip to main content
CVE-2020-29583 CRITICAL POC KEV THREAT Act Now

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Usg20 Vpn Firmware Usg20W Vpn Firmware Usg40 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-28448 CRITICAL POC PATCH Act Now

This affects the package multi-ini before 2.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Multi Ini
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24579 HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-13547 HIGH POC This Week

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-13570 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-13560 HIGH POC This Week

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-13557 HIGH POC THREAT This Week

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
71.1%
CVE-2020-28460 HIGH POC PATCH This Week

This affects the package multi-ini before 2.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Prototype Pollution Authentication Bypass Multi Ini
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-24581 HIGH POC THREAT This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsl2888A Firmware
NVD
CVSS 3.1
8.0
EPSS
12.6%
CVE-2020-35608 HIGH POC This Week

A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Azure Sphere
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2020-25106 HIGH POC This Week

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Supremo
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-24580 HIGH POC This Week

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl2888A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-24578 MEDIUM POC This Month

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dsl2888A Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-25066 CRITICAL Act Now

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Tcp Ip
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-24683 CRITICAL Act Now

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-24679 CRITICAL Act Now

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-24675 CRITICAL Act Now

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-24673 CRITICAL Act Now

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-35609 MEDIUM POC This Month

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Azure Sphere
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24678 HIGH This Week

An authenticated user might execute malicious code under the user context and take control of the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-24677 HIGH This Week

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-24674 HIGH This Week

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2020-14231 HIGH This Week

A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Hcl Client Application Access
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-29396 HIGH PATCH This Week

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Python Odoo
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-24676 HIGH This Week

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Symphony Historian Symphony Operations
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-27337 HIGH This Week

An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ipv6
NVD
CVSS 3.1
7.3
EPSS
1.5%
CVE-2020-28641 HIGH This Week

In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Malwarebytes
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-27338 HIGH This Week

An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ipv6
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-24680 HIGH This Week

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-27336 MEDIUM This Month

An issue was discovered in Treck IPv6 before 6.0.1.68. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ipv6
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-14270 MEDIUM PATCH This Month

HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14874 MEDIUM This Month

Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Cloud Infrastructure Identity And Access Management
NVD
CVSS 3.1
4.7
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy