Skip to main content
CVE-2020-10915 CRITICAL POC THREAT Emergency

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization One
NVD GitHub
CVSS 3.1
9.8
EPSS
86.6%
CVE-2020-10914 CRITICAL POC THREAT Emergency

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization One
NVD GitHub
CVSS 3.1
9.8
EPSS
47.0%
CVE-2020-7055 CRITICAL POC Act Now

An issue was discovered in Elementor 2.7.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Elementor Page Builder
NVD
CVSS 3.1
9.9
EPSS
3.1%
CVE-2020-7489 CRITICAL PATCH Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert - Basic or SoMachine Basic programming. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Ecostruxure Machine Expert Somachine Basic Modicon M100 Firmware Modicon M200 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-7487 CRITICAL Act Now

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine Somachine Motion Modicon M218 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-11796 CRITICAL Act Now

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Space
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-11690 CRITICAL Act Now

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy