Skip to main content
CVE-2020-20189 CRITICAL POC Act Now

SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Newpk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-20184 CRITICAL POC Act Now

GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gateone
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-20136 CRITICAL POC Act Now

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Lean
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35338 CRITICAL POC THREAT Act Now

The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wireless Multiplex Terminal Playout Server
NVD
CVSS 3.1
9.8
EPSS
12.1%
CVE-2020-35378 CRITICAL POC Act Now

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Bus Ticket Reservation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-29227 CRITICAL POC THREAT Act Now

An issue was discovered in Car Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Car Rental Management System
NVD
CVSS 3.1
9.8
EPSS
16.8%
CVE-2020-0456 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170378843. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-0457 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-0455 CRITICAL Act Now

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-25228 CRITICAL Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Logo 8 Bm Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8257 CRITICAL Act Now

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Gateway Plug In
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-25187 CRITICAL Act Now

Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-25179 CRITICAL Act Now

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3 0T Signa Hdxt Firmware 3 0T Signa Hd 16 Firmware 3 0T Signa Hd 23 Firmware 1 5T Brivo Mr355 Firmware +107
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25175 CRITICAL Act Now

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3 0T Signa Hdxt Firmware 3 0T Signa Hd 16 Firmware 3 0T Signa Hd 23 Firmware 1 5T Brivo Mr355 Firmware +107
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-14268 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Notes
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-14244 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Domino
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-5639 CRITICAL Act Now

Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Filezen
NVD
CVSS 3.1
9.8
EPSS
5.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy