Skip to main content
CVE-2020-6287 CRITICAL POC KEV THREAT Act Now

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD GitHub
CVSS 3.1
10.0
EPSS
94.7%
CVE-2020-11546 CRITICAL POC THREAT Act Now

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Superwebmailer
NVD
CVSS 3.1
9.8
EPSS
31.7%
CVE-2020-7593 CRITICAL POC Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Logo 8 Bm Firmware
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2020-11956 CRITICAL POC Act Now

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-11951 CRITICAL POC Act Now

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cmciii Pu 9333E0Fb Firmware Pdu 3C002Dec Firmware Cmc Iii Pu 7030 000 Firmware Lcp Cw Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-1350 CRITICAL KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
10.0
EPSS
92.2%
CVE-2020-13753 CRITICAL PATCH Act Now

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Wpe Webkit Fedora +3
NVD
CVSS 3.1
10.0
EPSS
2.9%
CVE-2020-1025 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Lync Sharepoint Enterprise Server Sharepoint Foundation +2
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-9297 CRITICAL PATCH Act Now

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Titus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-1948 CRITICAL PATCH Act Now

This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
13.9%
CVE-2020-10042 CRITICAL Act Now

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-10038 CRITICAL Act Now

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sicam Mmu Firmware Sicam Sgu Firmware Sicam T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-13926 CRITICAL PATCH Act Now

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kylin
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-13925 CRITICAL PATCH Act Now

Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Kylin
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2020-1043 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-1042 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-1041 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%
CVE-2020-1040 CRITICAL KEV PATCH THREAT Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
6.9%
CVE-2020-1036 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
6.2%
CVE-2020-1032 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016
NVD
CVSS 3.1
9.0
EPSS
5.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy