Skip to main content
CVE-2020-17132 CRITICAL POC PATCH THREAT Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
9.1
EPSS
89.8%
CVE-2020-29311 CRITICAL POC Act Now

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ubilling
NVD GitHub
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-26201 CRITICAL POC Act Now

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Ap5100W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-19527 CRITICAL POC Act Now

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-19142 CRITICAL POC Act Now

iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-16608 CRITICAL POC Act Now

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Notable
NVD GitHub
CVSS 3.1
9.6
EPSS
4.3%
CVE-2020-29667 CRITICAL Act Now

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M3 Atm Monitoring System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-17142 CRITICAL PATCH Act Now

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
9.1
EPSS
3.5%
CVE-2020-24445 CRITICAL Act Now

AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
9.0
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy