Skip to main content
CVE-2020-7630 CRITICAL POC Act Now

git-add-remote through 1.0.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Add Remote
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7629 CRITICAL POC Act Now

install-package through 0.4.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Install Package
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7627 CRITICAL POC Act Now

node-key-sender through 1.0.11 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Node Key Sender
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7626 CRITICAL POC Act Now

karma-mojo through 1.0.1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Karma Mojo
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-7625 CRITICAL POC Act Now

op-browser through 1.0.6 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Op Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-7624 CRITICAL POC Act Now

effect through 1.0.4 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Effect
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-6852 CRITICAL POC Act Now

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tv 288Zd 2Mp Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-7628 CRITICAL Act Now

umount through 1.1.6 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Install Package Umount
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-10515 CRITICAL Act Now

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Unified Communication Collaboration Client
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-7623 CRITICAL Act Now

jscover through 1.0.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Jscover
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-7621 CRITICAL Act Now

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nginx Strongloop Nginx Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-7620 CRITICAL Act Now

pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pomelo Monitor
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-7619 CRITICAL Act Now

get-git-data through 1.3.1 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Get Git Data
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-7617 CRITICAL PATCH Act Now

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Ini Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy