Skip to main content
CVE-2020-15086 CRITICAL POC PATCH Act Now

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Mediace
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-7697 CRITICAL POC Act Now

This affects all versions of package mock2easy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mock2Easy
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-14316 CRITICAL PATCH Act Now

A flaw was found in kubevirt 0.29 and earlier. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubevirt Openshift Virtualization
NVD
CVSS 3.1
9.9
EPSS
1.6%
CVE-2020-15588 CRITICAL Act Now

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE Integer Overflow Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2020-4567 CRITICAL PATCH Act Now

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-2076 CRITICAL Act Now

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Package Analytics
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-14487 CRITICAL Act Now

OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openclinic Ga
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7698 CRITICAL PATCH Act Now

This affects the package Gerapy from 0 and before 0.9.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Gerapy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-9691 CRITICAL PATCH Act Now

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Adobe Magento
NVD
CVSS 3.1
9.6
EPSS
6.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy