Skip to main content
CVE-2020-11624 CRITICAL POC Act Now

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Hd838 Firmware Hd438 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15492 CRITICAL POC THREAT Act Now

An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Startup Tools
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
16.6%
CVE-2020-15477 CRITICAL POC Act Now

The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Raspberrytortoise
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-15916 CRITICAL POC Act Now

goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-15391 CRITICAL PATCH Act Now

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Authentication Bypass Devspace
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-15917 CRITICAL Act Now

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Claws Mail Fedora Backports Sle Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-10921 CRITICAL Act Now

This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C More Hmi Ea9 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10920 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass C More Hmi Ea9 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy