Skip to main content
CVE-2020-7200 CRITICAL POC THREAT Emergency

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Systems Insight Manager
NVD
CVSS 3.1
9.8
EPSS
81.9%
CVE-2020-20300 CRITICAL POC Act Now

SQL injection vulnerability in the wp_where function in WeiPHP 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Weiphp
NVD GitHub
CVSS 3.1
9.8
EPSS
8.8%
CVE-2020-20298 CRITICAL POC Act Now

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Zzzphp
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-20277 CRITICAL POC PATCH THREAT Act Now

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Uftpd
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
25.2%
CVE-2020-25494 CRITICAL POC THREAT Act Now

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Openserver
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
39.2%
CVE-2020-7203 CRITICAL Act Now

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ilo Amplifier Pack
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-14224 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Notes
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-11974 CRITICAL PATCH Act Now

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dolphinscheduler
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2020-20276 CRITICAL PATCH Act Now

An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Uftpd
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-35551 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-35550 CRITICAL Act Now

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-27780 CRITICAL Act Now

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linux Pam
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-13931 CRITICAL PATCH Act Now

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Tomee
NVD
CVSS 3.1
9.8
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy