Skip to main content
CVE-2020-28371 CRITICAL PATCH Act Now

An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Java Integer Overflow Avian
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-26168 CRITICAL Act Now

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Jet
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-14189 CRITICAL Act Now

The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Jira Comment
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-14188 CRITICAL Act Now

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Jira Create
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-26542 CRITICAL Act Now

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Percona Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-23138 CRITICAL Act Now

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-15297 CRITICAL Act Now

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Update Server
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2020-24407 CRITICAL PATCH Act Now

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe File Upload RCE Magento
NVD
CVSS 3.1
9.1
EPSS
5.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy