Skip to main content
CVE-2020-7607 CRITICAL POC Act Now

gulp-styledocco through 0.0.3 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gulp Styledocco
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7606 CRITICAL POC Act Now

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Docker Docker Compose Remote Api
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7605 CRITICAL POC Act Now

gulp-tape through 1.0.0 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gulp Tape
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7604 CRITICAL POC Act Now

pulverizr through 0.7.0 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pulverizr
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7603 CRITICAL POC Act Now

closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Closure Compiler Stream
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7602 CRITICAL POC Act Now

node-prompt-here through 1.0.1 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Node Prompt Here
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7601 CRITICAL POC Act Now

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gulp Scss Lint
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-8141 HIGH POC PATCH This Week

The dot package v1.1.2 uses Function() to compile templates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dot
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-10589 HIGH POC This Week

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation V2Rayl
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10588 HIGH POC This Week

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation V2Rayl
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0086 CRITICAL Act Now

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-10594 CRITICAL PATCH Act Now

An issue was discovered in drf-jwt 1.15.x before 1.15.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Django Rest Framework Json Web Tokens
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-9290 HIGH This Week

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet RCE Microsoft Forticlient Forticlient Virtual Private Network
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-9287 HIGH This Week

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet RCE Forticlient Emergency Management Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-10591 HIGH PATCH This Week

An issue was discovered in Walmart Labs Concord before 1.44.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concord
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-0088 MEDIUM This Month

In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy