Skip to main content
CVE-2020-24881 CRITICAL POC PATCH THREAT Act Now

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.

SSRF Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
73.3%
Threat
5.7
CVE-2020-14750 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Information Disclosure Weblogic Server
NVD GitHub
CVSS 3.1
9.8
EPSS
99.3%
CVE-2020-5656 CRITICAL Act Now

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-5653 CRITICAL Act Now

Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-28037 CRITICAL PATCH Act Now

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress RCE Denial Of Service PHP Fedora +1
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
7.7%
CVE-2020-28036 CRITICAL PATCH Act Now

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP Fedora Debian Linux
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-28035 CRITICAL Act Now

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-28032 CRITICAL PATCH Act Now

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP Fedora Debian Linux
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
16.1%
CVE-2020-23639 CRITICAL Act Now

A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vport 461 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-3703 CRITICAL Act Now

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8053 Firmware Apq8076 Firmware Ar9344 Firmware +38
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-3692 CRITICAL Act Now

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Kamorta Firmware Nicobar Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-3673 CRITICAL Act Now

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Apq8053 Firmware Apq8096Au Firmware +37
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-3657 CRITICAL Act Now

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qualcomm Apq8009 Firmware Apq8017 Firmware +35
NVD
CVSS 3.1
9.8
EPSS
28.3%
CVE-2020-3654 CRITICAL Act Now

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Agatti Firmware Apq8053 Firmware Apq8096Au Firmware +38
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11172 CRITICAL Act Now

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq4019 Firmware Ipq6018 Firmware Ipq8064 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-11153 CRITICAL Act Now

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Qualcomm Memory Corruption Apq8053 Firmware +5
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-28039 CRITICAL PATCH Act Now

is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress PHP Debian Linux Ubuntu Linux
NVD GitHub WPScan
CVSS 3.1
9.1
EPSS
4.1%
CVE-2020-3670 CRITICAL Act Now

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Agatti Firmware Apq8053 Firmware +51
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-11169 CRITICAL Act Now

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8053 Firmware +9
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy