Skip to main content
CVE-2020-17474 CRITICAL POC Act Now

A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zkbiosecurity Server Facedepot 7B Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15692 CRITICAL POC PATCH Act Now

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nim
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-7701 CRITICAL POC PATCH Act Now

madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Madlib Object Utils
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-7700 CRITICAL POC Act Now

All versions of phpjs are vulnerable to Prototype Pollution via parse_str. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Php Js
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-10055 CRITICAL PATCH Act Now

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Desigo Consumption Control Desigo Consumption Control Compact
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2020-15781 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sicam A8000 Firmware
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-15142 CRITICAL PATCH Act Now

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Python Openapi Python Client
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy