Skip to main content
CVE-2020-6840 CRITICAL POC Act Now

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-6839 CRITICAL POC Act Now

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-6838 CRITICAL POC Act Now

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-6836 CRITICAL PATCH Act Now

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js RCE Code Injection Hot Formula Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-6847 MEDIUM POC This Month

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opentrade
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy