Skip to main content
CVE-2020-16165 CRITICAL POC Act Now

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-7699 CRITICAL POC PATCH Act Now

This affects the package express-fileupload before 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Denial Of Service Express Fileupload Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-3699 CRITICAL PATCH Act Now

Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3698 CRITICAL PATCH Act Now

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +43
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3688 CRITICAL Act Now

Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +45
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3671 CRITICAL Act Now

Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Information Disclosure Apq8009 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-16163 CRITICAL Act Now

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rpki Validator 3
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-14158 CRITICAL Act Now

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secvest Hybrid Fumo50110 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy