Skip to main content
CVE-2020-9480 CRITICAL POC PATCH THREAT Act Now

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Apache Authentication Bypass Spark Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
29.2%
CVE-2020-14993 CRITICAL POC Act Now

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor2960 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2020-14938 CRITICAL POC Act Now

An issue was discovered in map.c in FreedroidRPG 1.0rc2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Freedroidrpg
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-5594 CRITICAL Act Now

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq R Firmware Melsec Iq F Firmware Melsec Q Firmware Melsec L Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12782 CRITICAL Act Now

Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Mailaudit Mailgates
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12021 CRITICAL Act Now

In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Pi Web Api
NVD
CVSS 3.1
9.0
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy