Skip to main content
CVE-2020-15865 CRITICAL POC Act Now

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reports
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-14935 CRITICAL POC Act Now

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14934 CRITICAL POC Act Now

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-7708 CRITICAL POC PATCH Act Now

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Irrelon Path
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7707 CRITICAL POC PATCH Act Now

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Property Expr
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-7706 CRITICAL POC PATCH Act Now

The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Connie Lang
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-14937 CRITICAL POC Act Now

Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-24032 CRITICAL Act Now

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lpar2Rrd Stor2Rrd
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2020-14936 CRITICAL Act Now

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy