Skip to main content
CVE-2020-7609 CRITICAL POC PATCH Act Now

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Node Rules
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-9294 CRITICAL POC THREAT Act Now

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fortimail Fortivoice
NVD GitHub
CVSS 3.1
9.8
EPSS
77.8%
CVE-2020-12133 CRITICAL POC Act Now

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Electric Consciousmap
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-11817 CRITICAL POC Act Now

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rukovoditel
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-12271 CRITICAL POC KEV THREAT Act Now

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Sophos RCE SQLi Sfos
NVD
CVSS 3.1
9.8
EPSS
42.2%
CVE-2020-12268 CRITICAL POC PATCH Act Now

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Jbig2Dec Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-12267 CRITICAL POC PATCH Act Now

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Qt
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7640 CRITICAL PATCH Act Now

pixl-class prior to 1.0.3 allows execution of arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Pixl Class
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-1952 CRITICAL PATCH Act Now

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-12279 CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-12278 CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-9068 CRITICAL Act Now

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Ar3200 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12274 CRITICAL PATCH Act Now

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Testlink
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy