Skip to main content
CVE-2020-7247 CRITICAL POC KEV PATCH THREAT Act Now

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opensmtpd Debian Linux Fedora Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
98.9%
CVE-2020-8432 CRITICAL Act Now

In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE U Boot Leap
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-3718 CRITICAL PATCH Act Now

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Magento
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2020-3716 CRITICAL PATCH Act Now

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Deserialization Magento
NVD
CVSS 3.1
9.8
EPSS
14.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy