Skip to main content
CVE-2020-17506 CRITICAL POC THREAT Emergency

Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Proxy
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.0%
CVE-2020-17496 CRITICAL POC KEV PATCH THREAT Act Now

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vbulletin
NVD
CVSS 3.1
9.8
EPSS
87.7%
CVE-2020-16137 CRITICAL POC THREAT Act Now

A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Privilege Escalation Unified Ip Conference Station 7937G Firmware
NVD
CVSS 3.1
9.8
EPSS
19.4%
CVE-2020-5415 CRITICAL PATCH Act Now

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Authentication Bypass Concourse
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2020-12107 CRITICAL Act Now

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vpncrypt M10 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-12106 CRITICAL Act Now

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vpncrypt M10 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-17446 CRITICAL PATCH Act Now

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL RCE Memory Corruption asyncpg Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-6932 CRITICAL Act Now

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-8904 CRITICAL PATCH Act Now

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Information Disclosure Asylo
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2020-6294 CRITICAL Act Now

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-6284 CRITICAL Act Now

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Knowledge Management
NVD
CVSS 3.1
9.0
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy