Skip to main content

Max Data

7 CVEs product

Monthly

CVE-2020-7699 npm CRITICAL POC PATCH Act Now

This affects the package express-fileupload before 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Denial Of Service Express Fileupload Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2020-15801 CRITICAL PATCH Act Now

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Max Data
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-14968 npm CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign Max Data
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-14967 npm CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign Max Data
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-14966 npm HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack Canonical Jsrsasign +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11022 LIB MEDIUM POC PATCH This Month

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Jquery Drupal Debian Linux Fedora +66
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.9
EPSS
2.1%
CVE-2020-11023 LIB MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux Fedora Drupal +48
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
83.8%
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

This affects the package express-fileupload before 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Prototype Pollution Denial Of Service +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Max Data
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign +1
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jsrsasign +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack +3
NVD GitHub VulDB
EPSS 2% CVSS 6.9
MEDIUM POC PATCH This Month

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Jquery Drupal +68
NVD GitHub Exploit-DB VulDB
EPSS 84% CVSS 6.1
MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux +50
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy