Skip to main content
CVE-2020-11079 CRITICAL PATCH Act Now

node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Node.js RCE Code Injection Node Dns Sync
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7812 CRITICAL Act Now

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ezhttptrans
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy