Skip to main content
CVE-2020-7704 CRITICAL POC PATCH Act Now

The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Linux Cmdline
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-24208 CRITICAL POC Act Now

A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Shopping Alphaware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-7703 CRITICAL POC Act Now

All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Nis Utils
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7702 CRITICAL POC Act Now

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Templ8
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-1467 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Windows improperly handles hard links. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
10.0
EPSS
3.5%
CVE-2020-8212 CRITICAL PATCH Act Now

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-8211 CRITICAL Act Now

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Command Injection Citrix Xenmobile Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12606 CRITICAL Act Now

An issue was discovered in DB Soft SGLAC before 20.05.001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sglac
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-15152 CRITICAL PATCH Act Now

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Node.js SSRF Ftp Srv
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-9233 CRITICAL Act Now

FusionCompute 8.0.0 have an insufficient authentication vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fusioncompute
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy