Skip to main content
CVE-2020-15362 CRITICAL POC Act Now

wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wifiscanner
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-15324 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15323 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15322 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15321 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15320 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-8019 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Syslog Ng
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8014 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Leap Tumbleweed Kopano Spamd
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8022 HIGH POC This Week

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Tomcat Leap
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-15043 MEDIUM POC This Month

iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wrb303N Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-14413 MEDIUM POC This Month

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2020-12635 MEDIUM POC This Month

XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adobe Webforms Pro M2
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-2021 CRITICAL KEV THREAT Act Now

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Paloalto Pan Os
NVD
CVSS 3.1
10.0
EPSS
4.4%
CVE-2020-15319 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15318 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15317 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15316 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15315 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15314 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15313 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15312 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15069 CRITICAL KEV THREAT Act Now

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
10.7%
CVE-2020-14072 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-14070 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-14068 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12047 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12045 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12043 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-12040 CRITICAL Act Now

Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-12016 CRITICAL Act Now

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12041 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.4
EPSS
1.4%
CVE-2020-13896 MEDIUM POC THREAT This Month

The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp1800X 50 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
14.8%
CVE-2020-12032 CRITICAL Act Now

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-14414 HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP Nedi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-14412 HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP Nedi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-13423 MEDIUM POC This Month

Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adobe Form Builder For Magento 2
NVD
CVSS 3.1
4.8
EPSS
1.4%
CVE-2020-4067 HIGH This Week

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coturn Debian Linux Fedora Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-4452 HIGH This Week

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12048 HIGH This Week

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phoenix X36 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12037 HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12036 HIGH This Week

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prismaflex Firmware Prismax Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-12008 HIGH This Week

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-14069 MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-15368 MEDIUM This Month

AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rgb Driver Firmware
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
5.9%
CVE-2020-15389 MEDIUM PATCH This Month

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Openjpeg Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-8573 MEDIUM This Month

The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Hci H610S Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-14071 MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mk Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12024 MEDIUM This Month

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-12020 MEDIUM This Month

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-12012 MEDIUM This Month

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13,. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy