Skip to main content
CVE-2020-15415 CRITICAL POC KEV THREAT Act Now

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Vigor3900 Firmware Vigor2960 Firmware Vigor300b Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
84.6%
CVE-2020-15411 CRITICAL PATCH Act Now

An issue was discovered in MISP 2.4.128. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-9413 CRITICAL Act Now

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Managed File Transfer Command Center Managed File Transfer Internet Server
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2020-15084 CRITICAL PATCH Act Now

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Express Jwt
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy