Skip to main content
CVE-2020-35276 CRITICAL POC Act Now

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ecm Address Book
NVD VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-35605 CRITICAL POC PATCH Act Now

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Kitty Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-35604 CRITICAL POC Act Now

An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Web Time And Attendance
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-21378 CRITICAL POC Act Now

SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-21377 CRITICAL POC Act Now

SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yunyecms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-27846 CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml Openshift Container Platform Openshift Service Mesh +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-8995 CRITICAL Act Now

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bilanc
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-11717 CRITICAL Act Now

An issue was discovered in Programi 014 31.01.2020. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bilanc
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-4988 CRITICAL Act Now

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Loopback
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-35590 CRITICAL Act Now

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP Limit Login Attempts Reloaded
NVD
CVSS 3.1
9.8
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy