Skip to main content
CVE-2020-29390 CRITICAL POC THREAT Act Now

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zeroshell
NVD
CVSS 3.1
9.8
EPSS
36.7%
CVE-2020-28926 CRITICAL POC THREAT Act Now

ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Readymedia Debian Linux
NVD
CVSS 3.1
9.8
EPSS
14.5%
CVE-2020-25537 CRITICAL POC Act Now

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-27660 CRITICAL POC Act Now

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Safeaccess
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-29127 CRITICAL POC Act Now

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eternus Storage Dx200 S4 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2020-4627 CRITICAL PATCH Act Now

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Code Injection Cloud Pak For Security
NVD
CVSS 3.1
9.0
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy