Latest CVE Feed
- CVE-2020-7489 (9.8 CRITICAL)
  A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result...
  - EPSS Score: 0.47%
  - Published: Apr. 22, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-6995 (9.8 CRITICAL)
  In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access....
  - Affected Products: pt-7528-24tx-hv_firmware pt-7528-24tx-hv-hv_firmware pt-7528-24tx-wv_firmware pt-7528-24tx-wv-hv_firmware pt-7528-24tx-wv-wv_firmware pt-7528-12msc-12tx-4gsfp-hv_firmware pt-7528-12msc-12tx-4gsfp-hv-hv_firmware pt-7528-12msc-12tx-4gsfp-wv_firmware pt-7528-12msc-12tx-4gsfp-wv-wv_firmware pt-7528-12mst-12tx-4gsfp-hv_firmware +100 more products
  - EPSS Score: 0.37%
  - Published: Mar. 24, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-6991 (9.8 CRITICAL)
  In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force....
  - EPSS Score: 0.29%
  - Published: Mar. 24, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-6009 (9.8 CRITICAL)
  LearnDash WordPress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection....
  - Affected Products: learndash
  - EPSS Score: 0.88%
  - Published: Apr. 01, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-5955 (9.8 CRITICAL)
  An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges....
  - Affected Products: insydeh2o_uefi_bios ice_lake tiger_lake whitley-sp grantley-ep elkhart_lake purley-ep_refresh_neon_city comet_lake_rvp comet_lake whiskey_lake_rvp +11 more products
  - EPSS Score: 0.72%
  - Published: Nov. 03, 2021
  - Modified: Nov. 21, 2024
- CVE-2020-5609 (9.8 CRITICAL)
  Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 al...
  - EPSS Score: 4.51%
  - Published: Aug. 05, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-5531 (9.8 CRITICAL)
  Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module /...
  - EPSS Score: 0.77%
  - Published: Feb. 17, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-3787 (9.8 CRITICAL)
  Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution....
  - EPSS Score: 10.06%
  - Published: Mar. 25, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-3849 (9.8 CRITICAL)
  A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution....
  - EPSS Score: 0.86%
  - Published: Apr. 01, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-3125 (9.8 CRITICAL)
  A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected d...
  - EPSS Score: 1.17%
  - Published: May. 06, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-28904 (9.8 CRITICAL)
  Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code....
  - Affected Products: fusion
  - EPSS Score: 0.35%
  - Published: May. 24, 2021
  - Modified: Nov. 21, 2024
- CVE-2020-28024 (9.8 CRITICAL)
  Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF...
  - Affected Products: exim
  - EPSS Score: 1.51%
  - Published: May. 06, 2021
  - Modified: Nov. 21, 2024
- CVE-2020-2801 (9.8 CRITICAL)
  Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker...
  - EPSS Score: 9.23%
  - Published: Apr. 15, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-27745 (9.8 CRITICAL)
  Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin....
  - EPSS Score: 0.79%
  - Published: Nov. 27, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-27068 (9.8 CRITICAL)
  Product: Android; Versions: Android kernel; Android ID: A-127973231; References: Upstream kernel...
  - Affected Products: android
  - EPSS Score: 0.34%
  - Published: Dec. 15, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-25190 (9.8 CRITICAL)
  The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext....
  - EPSS Score: 0.09%
  - Published: Dec. 23, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-1957 (9.8 CRITICAL)
  Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass....
  - EPSS Score: 79.79%
  - Published: Mar. 25, 2020
  - Modified: Nov. 21, 2024
- CVE-2020-1938 (9.8 CRITICAL)
  When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an ...
  - Affected Products: fedora debian_linux leap agile_engineering_data_management siebel_ui_framework mysql_enterprise_monitor tomcat hospitality_guest_access agile_plm communications_instant_messaging_server +11 more products
  - Actively Exploited
  - EPSS Score: 94.46%
  - Published: Feb. 24, 2020
  - Modified: Mar. 28, 2025
- CVE-2020-15505 (9.8 CRITICAL)
  A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Databa...
  - Actively Exploited
  - EPSS Score: 94.39%
  - Published: Jul. 07, 2020
  - Modified: Apr. 03, 2025
- CVE-2020-15256 (9.8 CRITICAL)
  A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a n...
  - Affected Products: object-path
  - EPSS Score: 0.31%
  - Published: Oct. 19, 2020
  - Modified: Nov. 21, 2024