Skip to main content
CVE-2020-9423 CRITICAL POC Act Now

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Logicaldoc
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-10674 CRITICAL Act Now

PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Perlspeak
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-3922 CRITICAL Act Now

LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Lisomail
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-8600 CRITICAL PATCH Act Now

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-8599 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Apex One Officescan
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2020-8598 CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass Apex One Officescan +1
NVD
CVSS 3.1
9.8
EPSS
13.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy