Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-06	CVE-2020-25592	Improper Authentication vulnerability in multiple products In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. network low complexity saltstack debian CWE-287 critical	9.8
2020-11-05	CVE-2020-17510	Improper Authentication vulnerability in multiple products Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. network low complexity apache debian CWE-287 critical	9.8
2020-11-03	CVE-2020-16011	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. network low complexity google opensuse debian CWE-787 critical	9.6
2020-11-02	CVE-2020-28032	Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. network low complexity wordpress fedoraproject debian CWE-502 critical	9.8
2020-11-02	CVE-2020-28035	WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. network low complexity wordpress fedoraproject debian critical	9.8
2020-11-02	CVE-2020-28036	Missing Authorization vulnerability in multiple products wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. network low complexity wordpress fedoraproject debian CWE-862 critical	9.8
2020-11-02	CVE-2020-28037	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). network low complexity wordpress fedoraproject debian CWE-754 critical	9.8
2020-11-02	CVE-2020-28039	is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. network low complexity wordpress debian canonical critical	9.1
2020-10-22	CVE-2020-15683	Use After Free vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. network low complexity mozilla debian opensuse CWE-416 critical	9.8
2020-10-10	CVE-2020-26935	SQL Injection vulnerability in multiple products An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. network low complexity phpmyadmin opensuse fedoraproject debian CWE-89 critical	9.8