Skip to main content
CVE-2020-6207 CRITICAL POC KEV THREAT Emergency

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
9.8
EPSS
98.4%
CVE-2020-10257 CRITICAL POC Act Now

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection PHP Addons +62
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2020-6198 CRITICAL Act Now

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Solution Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-5253 CRITICAL PATCH Act Now

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-6203 CRITICAL Act Now

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-9044 CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Lonworks Control Server Metasys Open Application Server +9
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-10255 CRITICAL Act Now

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Privilege Escalation Ddr4 Sdram Lpddr4 Ddr4
NVD GitHub
CVSS 3.1
9.0
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy