Skip to main content
CVE-2020-12835 CRITICAL POC THREAT Act Now

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Readyapi
NVD
CVSS 3.1
9.8
EPSS
11.7%
CVE-2020-1955 CRITICAL Act Now

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchdb
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-11716 CRITICAL Act Now

Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Eluga Ray 530 Firmware Eluga Ray 600 Firmware P110 Firmware Eluga Z1 Pro Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9409 CRITICAL PATCH Act Now

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Jasperreports Server Retail Order Broker
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-13226 CRITICAL Act Now

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Api Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-9753 CRITICAL Act Now

Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Whale Browser Installer
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy