CVE-2020-27950
ENISA EUVD: EUVD-2020-20443 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
5 articles
EPSS Score
Source: FIRST.org · 2026-05-24
43.76%
probability
This CVE has a 43.76% probability
of being exploited in the next 30 days.
0%
Top 97.6th percentile of all CVEs
100%
CVSS v3.1
Source: NVD5.5
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Description
Project ZeroUnspecified memory initialization issue in kernel
Affected Products
Attack Intelligence
Google Project Zero
Discovered
Oct. 29, 2020
Patched
Nov. 5, 2020
Reported by
Google Project Zero
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-27950.html
Exploits & PoC
synacktiv/CVE-2020-27950
CVE-2020-27950 exploit
34
lyonzon2/browser-crash-tool
A Bash script for Kali Linux that exploits an iOS WebKit vulnerability (CVE-2020-27950) using Metasploit and ngrok. Automates payload delivery with a
4
2 repos — triés par ⭐
Rechercher sur GitHub ↗
Apple fixes a iOS zero-day vulnerability actively used in attacks
BleepingComputer
Mar 26, 2021
Apple patches three actively exploited iOS zero-days
BleepingComputer
Nov 05, 2020
Apple fixes macOS zero-day bug exploited by Shlayer malware
BleepingComputer
Apr 26, 2021
Hacking group used 11 zero-days to attack Windows, iOS, Android users
BleepingComputer
Mar 20, 2021
Signal Intelligence
Confidence
95%
EPSS
43.76%
CVSS v3.1
5.5
Mentions
5
Last Seen
Apr 26, 2021
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026