Skip to main content
CVE-2020-0796 CRITICAL POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Microsoft Windows 10 1903 Windows 10 1909 +2
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
99.8%
CVE-2020-10109 CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-10108 CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-10534 CRITICAL PATCH Act Now

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-0902 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Service Fabric
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-0690 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2020-0872 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Application Inspector
NVD
CVSS 3.1
9.6
EPSS
9.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy