Skip to main content
CVE-2020-6144 CRITICAL POC Act Now

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-6143 CRITICAL POC Act Now

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-6142 CRITICAL POC Act Now

A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Opensis
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2020-6140 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-6139 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-6138 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-6137 CRITICAL POC Act Now

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-5777 CRITICAL POC PATCH THREAT Act Now

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Apache Authentication Bypass Magmi
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2020-16204 CRITICAL POC Act Now

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-6141 CRITICAL POC Act Now

An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opensis
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-7727 CRITICAL POC Act Now

All versions of package gedi are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Gedi
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7726 CRITICAL POC Act Now

All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Safe Object2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7725 CRITICAL POC Act Now

All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Worksmith
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7724 CRITICAL POC Act Now

All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Tiny Conf
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7723 CRITICAL POC Act Now

All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Promisehelpers
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7722 CRITICAL POC PATCH Act Now

All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Nodee Utils
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7721 CRITICAL POC Act Now

All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Node Oojs
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7719 CRITICAL POC PATCH Act Now

Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Locutus
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-7718 CRITICAL POC Act Now

All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Gammautils
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7717 CRITICAL POC Act Now

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Dot Notes
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7716 CRITICAL POC Act Now

All versions of package deeps are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deeps
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7715 CRITICAL POC PATCH Act Now

All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deep Get Set
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-7714 CRITICAL POC Act Now

All versions of package confucious are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Confucious
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7713 CRITICAL POC Act Now

All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Arr Flatten Unflatten
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-16210 CRITICAL POC Act Now

The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
9.0
EPSS
3.2%
CVE-2020-16206 CRITICAL POC Act Now

The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Information Disclosure N Tron 702 W Firmware N Tron 702M12 W Firmware
NVD
CVSS 3.1
9.0
EPSS
3.2%
CVE-2020-6151 CRITICAL Act Now

A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-25069 CRITICAL Act Now

USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Usvn
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-15150 CRITICAL PATCH Act Now

There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Paginator
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-6874 CRITICAL Act Now

A ZTE product is impacted by the cryptographic issues vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxiptv Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy