Skip to main content
CVE-2020-35245 CRITICAL POC Act Now

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flamingo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-35244 CRITICAL POC Act Now

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flamingo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-35243 CRITICAL POC Act Now

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flamingo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-35242 CRITICAL POC Act Now

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flamingo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-29203 CRITICAL POC Act Now

struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Struct2Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-35364 CRITICAL POC Act Now

Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Internet Security
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-35575 CRITICAL POC Act Now

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Wa901Nd Firmware Archer C5 Firmware Archer C7 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2020-35713 CRITICAL POC THREAT Act Now

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys Re6500 Firmware
NVD
CVSS 3.1
9.8
EPSS
32.7%
CVE-2020-35712 CRITICAL Act Now

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Arcgis Server
NVD
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy