Skip to main content
CVE-2020-7980 CRITICAL POC THREAT Act Now

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aptus Web
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
83.0%
CVE-2020-7596 HIGH POC PATCH This Week

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Nodejs Uploader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-7981 CRITICAL PATCH Act Now

sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Geocoder
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy