Skip to main content
CVE-2020-14968 CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign Max Data
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-14967 CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign Max Data
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-14944 CRITICAL POC Act Now

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-14983 CRITICAL POC Act Now

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Chocolate Doom Crispy Doom Backports Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14972 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Pisay Online E Learning System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.4%
CVE-2020-13159 CRITICAL POC Act Now

Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Artica Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
9.3%
CVE-2020-8933 CRITICAL POC PATCH Act Now

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Guest Oslogin Leap
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2020-8907 CRITICAL POC PATCH Act Now

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. Public exploit code available.

Google Privilege Escalation Docker Guest Oslogin Leap
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2020-12053 CRITICAL Act Now

In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Stealth
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-11989 CRITICAL PATCH Act Now

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Authentication Bypass Shiro
NVD
CVSS 3.1
9.8
EPSS
24.4%
CVE-2020-4068 CRITICAL PATCH Act Now

In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apnswift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-3663 CRITICAL Act Now

Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3662 CRITICAL Act Now

Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +30
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3661 CRITICAL Act Now

Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3660 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3628 CRITICAL Act Now

Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8053 Firmware Rennell Firmware Sdx20 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-3614 CRITICAL Act Now

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-3658 CRITICAL Act Now

Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +42
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-4062 CRITICAL PATCH Act Now

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

Kubernetes Docker PostgreSQL Authentication Bypass Conjur Oss Helm Chart
NVD GitHub
CVSS 3.1
9.0
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy