Skip to main content
CVE-2020-14644 CRITICAL POC KEV THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
94.5%
CVE-2020-8178 CRITICAL POC Act Now

Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Jison
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-11436 CRITICAL POC Act Now

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librehealth Ehr
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2020-14701 CRITICAL Act Now

Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Sd Wan Aware
NVD
CVSS 3.1
10.0
EPSS
2.1%
CVE-2020-14606 CRITICAL PATCH Act Now

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Sd Wan Edge
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2020-10288 CRITICAL Act Now

IRC5 exposes an ftp server (port 21). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Robotware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10287 CRITICAL Act Now

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Irb140 Firmware Irc5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10285 CRITICAL Act Now

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm 5 Lite Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12684 CRITICAL Act Now

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE I Net Clear Reports
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-14687 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-14645 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
46.2%
CVE-2020-14625 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
9.9%
CVE-2020-14511 CRITICAL Act Now

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Edr G902 T Firmware Edr G902 Firmware Edr G903 T Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-14503 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Iview
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2020-14501 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iview
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-14507 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-14505 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iview
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2020-14497 CRITICAL Act Now

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-14705 CRITICAL Act Now

Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Goldengate
NVD
CVSS 3.1
9.6
EPSS
1.9%
CVE-2020-10284 CRITICAL Act Now

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xarm Studio
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-14665 CRITICAL Act Now

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14658 CRITICAL Act Now

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14599 CRITICAL PATCH Act Now

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Gateway For Mobile Devices
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-14598 CRITICAL PATCH Act Now

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Gateway For Mobile Devices
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy