Skip to main content
CVE-2020-12720 CRITICAL POC THREAT Emergency

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vbulletin
NVD GitHub
CVSS 3.1
9.8
EPSS
88.9%
CVE-2020-11532 CRITICAL POC PATCH THREAT Act Now

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho Authentication Bypass Manageengine Adaudit Plus Manageengine Datasecurity Plus
NVD
CVSS 3.1
9.8
EPSS
77.5%
CVE-2020-11530 CRITICAL POC THREAT Act Now

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Chop Slider
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
95.7%
CVE-2020-12735 CRITICAL POC Act Now

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Domainmod
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12740 CRITICAL POC Act Now

tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%
CVE-2020-12022 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Webaccess
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12006 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-12002 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2020-10638 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
7.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy