Skip to main content
CVE-2020-10988 CRITICAL POC Act Now

A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10987 CRITICAL POC KEV THREAT Act Now

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
79.7%
CVE-2020-11749 CRITICAL POC THREAT Act Now

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Pandora Fms
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
16.2%
CVE-2020-15050 HIGH POC THREAT This Week

An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Biostar 2
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
50.7%
CVE-2020-5766 HIGH POC This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Srs Simple Hits Counter
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2020-10986 MEDIUM POC This Month

A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service CSRF Ac15 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-10989 MEDIUM POC This Month

An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tenda Ac15 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14300 HIGH This Week

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Docker Red Hat Enterprise Linux Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-14298 HIGH PATCH This Week

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Docker Red Hat Openshift Container Platform Enterprise Linux Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-15689 HIGH This Week

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Appweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-14174 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Jira Data Center Jira Server +1
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy