Skip to main content
CVE-2020-15505 CRITICAL POC KEV THREAT Emergency

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Core Enterprise Connector Monitor And Reporting Database Sentry
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2020-8521 CRITICAL POC Act Now

SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpzag
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8520 CRITICAL POC Act Now

SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpzag
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8519 CRITICAL POC Act Now

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpzag
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-12821 CRITICAL POC PATCH Act Now

Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gossipsub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-15367 CRITICAL POC Act Now

Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supravizio Bpm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-4077 CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2020-15350 CRITICAL PATCH Act Now

RIOT 2020.04 has a buffer overflow in the base64 decoder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-5599 CRITICAL Act Now

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Coreos
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-5595 CRITICAL Act Now

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Coreos
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-15506 CRITICAL Act Now

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Core Enterprise Connector Reporting Database +1
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-4076 CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy