Skip to main content
CVE-2020-6471 CRITICAL POC Act Now

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Fedora Backports Sle +2
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2020-1112 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2020-0901 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2020-7808 CRITICAL Act Now

In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Raon K Upload
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-12828 CRITICAL Act Now

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Virtual Private Network Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-6469 CRITICAL Act Now

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Backports Sle Debian Linux +2
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-6466 CRITICAL Act Now

Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2020-6465 CRITICAL Act Now

Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2020-6462 CRITICAL Act Now

Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2020-6461 CRITICAL Act Now

Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-6457 CRITICAL Act Now

Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2020-13112 CRITICAL PATCH Act Now

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libexif Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy