Skip to main content
CVE-2020-10992 CRITICAL POC Act Now

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Azkaban
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10991 CRITICAL POC Act Now

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Aplkit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10993 CRITICAL POC Act Now

Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Osmand
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-10956 CRITICAL Act Now

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-3936 CRITICAL Act Now

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ultralog Express Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10990 CRITICAL PATCH Act Now

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Mercury
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy