Skip to main content
CVE-2020-5722 CRITICAL POC KEV THREAT Emergency

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ucm6200 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
83.9%
CVE-2020-10879 CRITICAL POC PATCH THREAT Act Now

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP Rconfig
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
83.9%
CVE-2020-1944 CRITICAL Act Now

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-8868 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Foglight Evolve
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2020-6967 CRITICAL Act Now

In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Deserialization Factorytalk Services Platform
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2020-7480 CRITICAL Act Now

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Andover Continuum 9680 Firmware Andover Continuum 5740 Firmware Andover Continuum 5720 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7475 CRITICAL Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ecostruxure Control Expert Unity Pro Modicon M340 Firmware Modicon M580 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-9760 CRITICAL PATCH Act Now

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Weechat Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-9752 CRITICAL Act Now

Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Explorer
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-10661 CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy