Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in TitanHQ WebTitan before 5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in TitanHQ WebTitan before 5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Anviz access control devices allow remote attackers to issue commands without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.