Skip to main content
CVE-2020-25213 CRITICAL POC KEV PATCH THREAT Act Now

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload WordPress PHP File Manager
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.3%
CVE-2020-24916 CRITICAL POC PATCH THREAT Act Now

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
17.4%
CVE-2020-24379 CRITICAL POC PATCH Act Now

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-24199 CRITICAL POC Act Now

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Car Rental Project
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-24197 CRITICAL POC Act Now

A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Stock Management System
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24074 CRITICAL POC PATCH Act Now

The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Silk V3 Decoder
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-15786 CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Basic Panels 2Nd Generation Firmware Simatic Hmi Comfort Panels Firmware Simatic Hmi Mobile Panels Firmware Simatic Hmi United Comfort Panels Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-15173 CRITICAL PATCH Act Now

In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Accel Ppp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15903 CRITICAL Act Now

An issue was found in Nagios XI before 5.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-15787 CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi United Comfort Panels Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-2040 CRITICAL Act Now

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-11986 CRITICAL Act Now

To be able to analyze gradle projects, the build scripts need to be executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Netbeans
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-24195 CRITICAL Act Now

An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Online Bike Rental
NVD
CVSS 3.1
9.1
EPSS
2.9%
CVE-2020-3634 CRITICAL Act Now

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8053 Firmware Apq8096Au Firmware +48
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy