Skip to main content
CVE-2020-27739 CRITICAL POC Act Now

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webcit
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-16259 CRITICAL POC Act Now

Winston 1.5.4 devices have an SSH user account with access from bastion hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Winston Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-16257 CRITICAL POC Act Now

Winston 1.5.4 devices are vulnerable to command injection via the API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Winston Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-27976 CRITICAL POC Act Now

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Oscommerce
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2020-27956 CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Car Rental Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-16263 CRITICAL POC Act Now

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Winston Firmware
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2020-8239 CRITICAL Act Now

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft Pulse Secure Desktop Client
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy