Skip to main content
CVE-2020-25889 CRITICAL POC Act Now

Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Bus Booking System
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-28274 CRITICAL Act Now

Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Deepref
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29602 CRITICAL Act Now

The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29601 CRITICAL Act Now

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Notary Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29581 CRITICAL Act Now

The official spiped docker images before 1.5-alpine contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Spiped Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29580 CRITICAL Act Now

The official storm Docker images before 1.2.1 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Storm Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29579 CRITICAL Act Now

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Express Gateway Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-29577 CRITICAL Act Now

The official znc docker images before 1.7.1-slim contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Znc Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29576 CRITICAL Act Now

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Eggdrop Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-29575 CRITICAL Act Now

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Elixir Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-29564 CRITICAL Act Now

The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Consul Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2020-29578 CRITICAL Act Now

The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Piwik Fpm Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-17531 CRITICAL PATCH Act Now

A Java Serialization vulnerability was found in Apache Tapestry 4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Java Deserialization Tapestry
NVD
CVSS 3.1
9.8
EPSS
9.7%
CVE-2020-26255 CRITICAL PATCH Act Now

Kirby is a CMS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Kirby Panel
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy