Skip to main content
CVE-2020-14871 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Oracle Memory Corruption Solaris
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
80.3%
CVE-2020-14882 CRITICAL POC KEV THREAT Emergency

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2020-27615 CRITICAL POC PATCH THREAT Act Now

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress SQLi Loginizer
NVD WPScan
CVSS 3.1
9.8
EPSS
53.6%
CVE-2020-27605 CRITICAL POC Act Now

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigbluebutton
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-14859 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-14855 CRITICAL Act Now

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Universal Work Queue
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14841 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
52.0%
CVE-2020-14825 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
30.1%
CVE-2020-7750 CRITICAL POC PATCH Act Now

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Scratch Svg Renderer
NVD GitHub Exploit-DB
CVSS 3.1
9.6
EPSS
6.1%
CVE-2020-15240 CRITICAL PATCH Act Now

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Omniauth Auth0
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-14876 CRITICAL Act Now

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2020-14875 CRITICAL Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2020-14805 CRITICAL PATCH Act Now

Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Suite Secure Enterprise Search
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy