Skip to main content
CVE-2020-7961 CRITICAL POC KEV PATCH THREAT Act Now

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Liferay Portal
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
Threat
8.0
CVE-2020-10799 CRITICAL POC PATCH Act Now

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python XXE Svglib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8137 CRITICAL POC PATCH Act Now

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Blamer
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-8135 CRITICAL POC PATCH Act Now

The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Uppy
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy