Skip to main content
CVE-2020-11586 CRITICAL POC Act Now

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cipace
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11598 CRITICAL POC Act Now

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Cipace
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-11597 CRITICAL POC Act Now

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cipace
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11545 CRITICAL POC Act Now

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Official Car Rental System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7622 CRITICAL POC PATCH Act Now

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jooby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7636 CRITICAL POC Act Now

adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Adb Driver
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7635 CRITICAL POC Act Now

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Compass Compile
NVD GitHub
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7634 CRITICAL POC PATCH Act Now

heroku-addonpool through 0.1.15 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Heroku Addonpool
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7633 CRITICAL POC Act Now

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Apiconnect Cli Plugins
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7632 CRITICAL POC Act Now

node-mpv through 1.4.3 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Node Mpv
NVD GitHub
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-7631 CRITICAL POC Act Now

diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Diskusage Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-11580 CRITICAL POC Act Now

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-10265 CRITICAL Act Now

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ur Software
NVD
CVSS 3.1
9.4
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy