Skip to main content
CVE-2020-35847 CRITICAL POC PATCH THREAT Act Now

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Cockpit
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
98.3%
CVE-2020-35846 CRITICAL POC PATCH THREAT Act Now

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Cockpit
NVD GitHub
CVSS 3.1
9.8
EPSS
93.2%
CVE-2020-10208 CRITICAL POC Act Now

Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
9.9
EPSS
4.1%
CVE-2020-35848 CRITICAL POC PATCH THREAT Act Now

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Cockpit
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
75.0%
CVE-2020-11103 CRITICAL Act Now

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webswing
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-35173 CRITICAL PATCH Act Now

The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Amaze File Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-29594 CRITICAL PATCH Act Now

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rocket Chat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35799 CRITICAL Act Now

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption D3600 Firmware D6000 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-35797 CRITICAL Act Now

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Netgear Command Injection Nms300 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35796 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Cbr40 Firmware D6220 Firmware D6400 Firmware +66
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35795 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +74
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-35800 CRITICAL Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +124
NVD
CVSS 3.1
9.4
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy