Skip to main content
CVE-2020-13768 CRITICAL POC Act Now

In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Minishare
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-10549 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
36.2%
CVE-2020-10548 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
36.1%
CVE-2020-10547 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
36.1%
CVE-2020-10546 CRITICAL POC THREAT Act Now

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rconfig
NVD GitHub
CVSS 3.1
9.8
EPSS
87.3%
CVE-2020-13835 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-13832 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-13831 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-13814 CRITICAL Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-13805 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-13804 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-4193 CRITICAL Act Now

IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9292 CRITICAL Act Now

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Fortisiem Windows Agent
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-11094 CRITICAL PATCH Act Now

The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debugbar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-13833 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy