Skip to main content
CVE-2020-13901 CRITICAL POC PATCH Act Now

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Janus
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-7675 CRITICAL POC Act Now

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cd Messenger
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7674 CRITICAL POC Act Now

access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Access Policy
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7673 CRITICAL POC Act Now

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Node Extend
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-4043 CRITICAL PATCH Act Now

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Phpmussel
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-12757 CRITICAL PATCH Act Now

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Vault
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-0117 CRITICAL PATCH Act Now

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-6275 CRITICAL Act Now

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver Application Server Abap
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-6263 CRITICAL Act Now

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-7589 CRITICAL Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Logo 8 Bm Firmware
NVD
CVSS 3.1
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy