Skip to main content
CVE-2020-24719 CRITICAL POC THREAT Emergency

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
23.3%
CVE-2020-28271 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service Prototype Pollution Deephas
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-28270 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Denial Of Service Object Hierarchy Access
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-28269 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Denial Of Service Field
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-27481 CRITICAL POC THREAT Act Now

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Good Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
10.6%
CVE-2020-7770 CRITICAL POC PATCH Act Now

This affects the package json8 before 1.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Json8
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-7769 CRITICAL POC PATCH Act Now

This affects the package nodemailer before 6.4.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nodemailer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-13774 CRITICAL Act Now

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.9
EPSS
4.7%
CVE-2020-13877 CRITICAL Act Now

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Information Disclosure Meeting Monitor
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-12315 CRITICAL PATCH Act Now

Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Intel Path Traversal Endpoint Management Assistant
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-8752 CRITICAL Act Now

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Memory Corruption Active Management Technology Firmware Cloud Backup +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7472 CRITICAL Act Now

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Sugarcrm
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-3639 CRITICAL Act Now

u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8037 Firmware +86
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11196 CRITICAL Act Now

u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +89
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11193 CRITICAL Act Now

u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8009W Firmware +90
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11184 CRITICAL Act Now

u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Qcm4290 Firmware Qcs4290 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-11168 CRITICAL Act Now

u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Apq8009W Firmware Apq8017 Firmware +59
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-8747 CRITICAL Act Now

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy