Skip to main content
CVE-2020-26527 CRITICAL POC Act Now

An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smart Asset
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-18185 CRITICAL POC Act Now

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pluxml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-7737 CRITICAL POC Act Now

All versions of package safetydance are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Safetydance
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-7736 CRITICAL POC PATCH Act Now

The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Bmoor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-12124 CRITICAL POC THREAT Act Now

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wn530H4 Firmware
NVD
CVSS 3.1
9.8
EPSS
74.7%
CVE-2020-26518 CRITICAL POC Act Now

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-12676 CRITICAL POC Act Now

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Samlv2
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2020-18191 CRITICAL POC Act Now

GetSimpleCMS-3.3.15 is affected by directory traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Getsimplecms
NVD GitHub
CVSS 3.1
9.1
EPSS
2.1%
CVE-2020-18190 CRITICAL POC Act Now

Bludit v3.8.1 is affected by directory traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bludit
NVD GitHub
CVSS 3.1
9.1
EPSS
2.0%
CVE-2020-24698 CRITICAL Act Now

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authoritative
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-12126 CRITICAL Act Now

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Wn530H4 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12125 CRITICAL Act Now

A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wn530H4 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-26539 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-26537 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-26535 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-26534 CRITICAL PATCH Act Now

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-26525 CRITICAL Act Now

Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Smart Asset
NVD GitHub
CVSS 3.1
9.1
EPSS
25.5%
CVE-2020-15232 CRITICAL PATCH Act Now

In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Print
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy