Skip to main content
CVE-2020-35773 HIGH POC PATCH This Week

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Site Offline
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-26287 HIGH POC PATCH This Week

HedgeDoc is a collaborative platform for writing and sharing markdown. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Google Hedgedoc
NVD GitHub
CVSS 3.1
8.7
EPSS
1.4%
CVE-2020-27645 HIGH This Week

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-27644 HIGH This Week

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-16268 HIGH This Week

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-25847 HIGH This Week

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-17533 HIGH PATCH This Week

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Accumulo
NVD
CVSS 3.1
8.1
EPSS
3.7%
CVE-2020-9207 HIGH This Week

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9223 HIGH This Week

There is a denial of service vulnerability in some Huawei smartphones. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 20 Pro Firmware Princeton Al10D Firmware Yale L21A Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-9124 HIGH This Week

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-9094 HIGH This Week

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Huawei Information Disclosure Cloudengine 12800 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-5807 HIGH This Week

An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Factorytalk Diagnostics
NVD
CVSS 3.1
7.5
EPSS
33.8%
CVE-2020-5802 HIGH This Week

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Factorytalk Linx
NVD
CVSS 3.1
7.5
EPSS
38.8%
CVE-2020-5801 HIGH This Week

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Factorytalk Linx
NVD
CVSS 3.1
7.5
EPSS
25.2%
CVE-2020-26286 HIGH PATCH This Week

HedgeDoc is a collaborative platform for writing and sharing markdown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Hedgedoc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy