Skip to main content
CVE-2020-0646 CRITICAL POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Net Framework
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.2%
CVE-2020-0610 CRITICAL POC PATCH THREAT Act Now

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
65.3%
CVE-2020-0609 CRITICAL POC PATCH THREAT Act Now

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
74.9%
CVE-2020-5505 CRITICAL POC THREAT Act Now

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Freelancy
NVD
CVSS 3.1
9.8
EPSS
44.3%
CVE-2020-6958 CRITICAL POC Act Now

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yet Another Java Service Wrapper
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-0654 CRITICAL PATCH Act Now

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Authentication Bypass Onedrive
NVD
CVSS 3.1
9.1
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy