Skip to main content
CVE-2020-13756 CRITICAL POC PATCH THREAT Act Now

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection PHP Php Css Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
55.1%
CVE-2020-7115 CRITICAL POC THREAT Act Now

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
64.6%
CVE-2020-3258 CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Apple iOS
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-3227 CRITICAL Act Now

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-3198 CRITICAL PATCH Act Now

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Cisco RCE Apple iOS
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-4177 CRITICAL PATCH Act Now

IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-10516 CRITICAL Act Now

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Github
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6493 CRITICAL Act Now

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
9.6
EPSS
1.7%
CVE-2020-1963 CRITICAL PATCH Act Now

Apache Ignite uses H2 database to build SQL distributed execution engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Ignite
NVD
CVSS 3.1
9.1
EPSS
5.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy