Skip to main content
CVE-2020-4854 CRITICAL POC PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-28984 CRITICAL PATCH Act Now

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Spip Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-28360 CRITICAL PATCH Act Now

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE SSRF Private Ip
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28864 CRITICAL Act Now

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Winscp
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-6939 CRITICAL Act Now

Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Tableau Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-4006 CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager Identity Manager Connector One Access +2
NVD
CVSS 3.1
9.1
EPSS
23.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy