Skip to main content
CVE-2020-5902 CRITICAL POC KEV THREAT Emergency

F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary system commands with root privileges through crafted URL requests.

NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2020-13381 CRITICAL POC THREAT Emergency

openSIS through 7.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
59.0%
CVE-2020-13382 CRITICAL POC THREAT Emergency

openSIS through 7.4 has Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opensis
NVD GitHub
CVSS 3.1
9.1
EPSS
52.8%
CVE-2020-15468 CRITICAL POC Act Now

Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Persian Vip Download Script
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-15473 CRITICAL POC PATCH Act Now

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ndpi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-15471 CRITICAL POC PATCH Act Now

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ndpi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-15490 CRITICAL Act Now

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-15489 CRITICAL Act Now

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-14057 CRITICAL Act Now

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Monsta Ftp
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-14056 CRITICAL Act Now

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Monsta Ftp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-13619 CRITICAL Act Now

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection PHP Locutus Php
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13380 CRITICAL PATCH Act Now

openSIS before 7.4 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-15475 CRITICAL PATCH Act Now

In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Ndpi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15474 CRITICAL PATCH Act Now

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Ndpi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-5901 CRITICAL Act Now

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nginx Nginx Controller
NVD
CVSS 3.1
9.6
EPSS
1.5%
CVE-2020-15472 CRITICAL PATCH Act Now

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ndpi Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy