Skip to main content
CVE-2018-5353 CRITICAL POC Act Now

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
8.1%
CVE-2020-12870 CRITICAL POC Act Now

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pacsone Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-26042 CRITICAL POC Act Now

An issue was discovered in Hoosk CMS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-26041 CRITICAL POC Act Now

An issue was discovered in Hoosk CmS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Hoosk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-25763 CRITICAL POC Act Now

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Seat Reservation System
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-21526 CRITICAL POC Act Now

An Arbitrary file writing vulnerability in halo v1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-21523 CRITICAL POC Act Now

A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-21522 CRITICAL POC Act Now

An issue was discovered in halo V1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-20800 CRITICAL POC Act Now

An issue was discovered in MetInfo v7.0.0 beta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-19672 CRITICAL POC Act Now

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Niushop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15487 CRITICAL POC Act Now

Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Re
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-25762 CRITICAL POC THREAT Act Now

An issue was discovered in SourceCodester Seat Reservation System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seat Reservation System
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
11.3%
CVE-2020-21524 CRITICAL POC Act Now

There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XXE Halo
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-26154 CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-26158 CRITICAL Act Now

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Leanote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-26157 CRITICAL Act Now

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Leanote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-12506 CRITICAL Act Now

Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 362 Firmware 750 363 Firmware 750 823 Firmware 750 832 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy