Skip to main content
CVE-2020-12429 CRITICAL POC Act Now

Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Online Course Registration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-12284 CRITICAL POC PATCH Act Now

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Ffmpeg Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-12442 CRITICAL Act Now

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Ivanti SQLi Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-1745 CRITICAL PATCH Act Now

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Undertow
NVD
CVSS 3.1
9.8
EPSS
4.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy