Skip to main content
CVE-2020-27486 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
1.9%
CVE-2020-27485 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Array index error. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
1.6%
CVE-2020-27484 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
1.7%
CVE-2020-27483 CRITICAL POC Act Now

Garmin Forerunner 235 before 8.20 is affected by: Array index error. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Forerunner 235 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
2.1%
CVE-2020-25952 CRITICAL POC Act Now

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi User Registration Login And User Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-26510 CRITICAL Act Now

Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Tomcat Airleader Master Control
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-26508 CRITICAL Act Now

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oce Colorwave 3500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-27422 CRITICAL POC Act Now

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Time Tracker
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.8%
CVE-2020-25207 CRITICAL Act Now

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Toolbox
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-5664 CRITICAL Act Now

Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Xoonips
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-28642 CRITICAL Act Now

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinitewp
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-8271 CRITICAL Act Now

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Sd Wan
NVD
CVSS 3.1
9.8
EPSS
11.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy