Skip to main content
CVE-2020-25273 CRITICAL POC Act Now

In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Authentication Bypass PHP Online Bus Booking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-15243 CRITICAL Act Now

Affected versions of Smartstore have a missing WebApi Authentication attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartstore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-1914 CRITICAL PATCH Act Now

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy