Skip to main content
CVE-2020-15906 CRITICAL POC PATCH THREAT Act Now

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tiki
NVD
CVSS 3.1
9.8
EPSS
27.4%
CVE-2020-15684 CRITICAL Act Now

Mozilla developers reported memory safety bugs present in Firefox 81. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption RCE Use After Free +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15683 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption RCE Use After Free +5
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-27664 CRITICAL PATCH Act Now

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-9898 CRITICAL Act Now

This issue was addressed with improved entitlements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-27619 CRITICAL PATCH Act Now

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2020-9920 CRITICAL Act Now

A path handling issue was addressed with improved validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2020-9906 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
9.1
EPSS
4.7%
CVE-2020-9868 CRITICAL Act Now

A certificate validation issue existed when processing administrator added certificates. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2020-27195 CRITICAL PATCH Act Now

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Nomad
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy