Skip to main content
CVE-2020-14092 CRITICAL POC THREAT Act Now

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Paypal Pro
NVD
CVSS 3.1
9.8
EPSS
94.5%
CVE-2020-4074 CRITICAL PATCH Act Now

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-7821 CRITICAL Act Now

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nexacro 14 Nexacro 17
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7820 CRITICAL Act Now

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nexacro 14 Nexacro 17
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-3297 CRITICAL Act Now

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sg250X 24 Firmware Sg250X 24P Firmware Sg250X 48 Firmware +115
NVD
CVSS 3.1
9.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy