Skip to main content
CVE-2020-3250 CRITICAL POC THREAT Emergency

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD GitHub
CVSS 3.1
9.8
EPSS
60.2%
CVE-2020-3243 CRITICAL POC THREAT Emergency

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD GitHub
CVSS 3.1
9.8
EPSS
88.4%
CVE-2020-2883 CRITICAL POC KEV THREAT Emergency

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD GitHub
CVSS 3.1
9.8
EPSS
94.9%
CVE-2020-3161 CRITICAL POC KEV THREAT Act Now

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Denial Of Service Ip Phone 8865 Firmware Ip Phone 8851 Firmware Ip Phone 7841 Firmware +10
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
83.7%
CVE-2020-11799 CRITICAL POC Act Now

Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Z Cron
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11729 CRITICAL POC Act Now

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Andrew S Web Libraries Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-2733 CRITICAL POC THREAT Act Now

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
9.8
EPSS
18.6%
CVE-2020-3248 CRITICAL Act Now

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
9.8
EPSS
73.9%
CVE-2020-3247 CRITICAL Act Now

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.1
9.8
EPSS
75.1%
CVE-2020-11658 CRITICAL Act Now

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ca Api Developer Portal
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-6996 CRITICAL Act Now

Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Dnp3 Source Code Library
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10611 CRITICAL Act Now

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Scada Data Gateway
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-11790 CRITICAL Act Now

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R7800 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-11789 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R6400 Firmware R6700 Firmware R6900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-1026 CRITICAL PATCH Act Now

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Research Javascript Cryptography Library
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-11537 CRITICAL Act Now

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11536 CRITICAL Act Now

An issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-11535 CRITICAL Act Now

An issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11534 CRITICAL Act Now

An issue was discovered in ONLYOFFICE Document Server 5.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-2961 CRITICAL PATCH Act Now

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-2953 CRITICAL PATCH Act Now

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-2950 CRITICAL PATCH Act Now

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
71.0%
CVE-2020-2931 CRITICAL Act Now

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Knowledge
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-2915 CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-2884 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-2801 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-2791 CRITICAL Act Now

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Knowledge
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-10511 CRITICAL Act Now

HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Oaklouds Ccm Il
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-10507 CRITICAL Act Now

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload The School Manage System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10505 CRITICAL Act Now

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi The School Manage System
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy