Skip to main content
CVE-2020-5847 CRITICAL POC KEV THREAT Emergency

Unraid through 6.8.0 allows unauthenticated remote code execution (CVE-2020-5847, CVSS 9.8, EPSS 93.5%). This critical vulnerability in the popular NAS operating system enables attackers to execute arbitrary code without authentication, compromising all data stored on the NAS and all Docker containers/VMs running on the Unraid system.

RCE Unraid
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
93.5%
Threat
7.8
CVE-2020-10230 CRITICAL POC THREAT Act Now

{SESSION_HASH}/admin/loader_ajax.php term parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Webpanel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
14.7%
CVE-2020-6990 CRITICAL Act Now

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-9347 CRITICAL Act Now

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Code Injection Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2020-8786 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8785 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8784 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-8783 CRITICAL Act Now

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-10243 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-5547 CRITICAL PATCH Act Now

Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-5545 CRITICAL PATCH Act Now

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-5544 CRITICAL PATCH Act Now

Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-5543 CRITICAL PATCH Act Now

TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-5542 CRITICAL PATCH Act Now

Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Iu1 1M20 D Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy