Skip to main content
CVE-2020-8149 CRITICAL POC PATCH Act Now

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Code Injection Logkitty
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-13092 CRITICAL POC PATCH Act Now

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Scikit Learn
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-13091 CRITICAL POC PATCH Act Now

pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization pandas
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-12651 CRITICAL POC Act Now

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Securecrt
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-12834 CRITICAL POC THREAT Act Now

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Homematic Ccu2 Firmware Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2020-12889 CRITICAL PATCH Act Now

MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misp Maltego
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy