Skip to main content
CVE-2020-8158 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Typeorm
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-15188 CRITICAL POC PATCH Act Now

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Soy Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-15181 CRITICAL PATCH Act Now

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Reset Password
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-0354 CRITICAL Act Now

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-25756 CRITICAL PATCH Act Now

A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mongoose
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy