Skip to main content
CVE-2020-11942 CRITICAL POC Act Now

An issue was discovered in Open-AudIT 3.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Audit
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-12471 CRITICAL POC Act Now

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Monox
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-11020 CRITICAL POC PATCH Act Now

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Faye
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12443 CRITICAL POC PATCH Act Now

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Nginx Path Traversal Bigbluebutton
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-8481 CRITICAL Act Now

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 800Xa System
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-8479 CRITICAL Act Now

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XXE 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-3955 CRITICAL PATCH Act Now

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware ESXi
NVD
CVSS 3.1
9.3
EPSS
1.3%
CVE-2020-7452 CRITICAL PATCH Act Now

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Freebsd
NVD
CVSS 3.1
9.1
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy