Skip to main content
CVE-2020-15148 CRITICAL POC PATCH THREAT Act Now

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Yii
NVD GitHub
CVSS 3.1
10.0
EPSS
78.8%
CVE-2020-23833 CRITICAL POC Act Now

Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PHP House Rental
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-23828 CRITICAL POC Act Now

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Course Registration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-23512 CRITICAL POC Act Now

VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass P1 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-16098 CRITICAL Act Now

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-15178 CRITICAL PATCH Act Now

In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Contactform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2020-24561 CRITICAL Act Now

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection Serverprotect
NVD
CVSS 3.1
9.1
EPSS
5.2%
CVE-2020-7293 CRITICAL Act Now

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Web Gateway
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2020-15179 CRITICAL PATCH Act Now

The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Scratchsig
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy