Skip to main content
CVE-2020-7357 CRITICAL POC THREAT Emergency

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cms Se Firmware Cms Se Lxc Firmware Cms 60 Firmware Cms 40 Firmware +2
NVD GitHub
CVSS 3.1
9.9
EPSS
33.9%
CVE-2020-7356 CRITICAL POC PATCH THREAT Act Now

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Xpost
NVD GitHub
CVSS 3.1
9.8
EPSS
14.0%
CVE-2020-13793 CRITICAL Act Now

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Dsm Netinst
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12441 CRITICAL Act Now

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Desktop Server Management Service Manager Heat Remote Control
NVD
CVSS 3.1
9.8
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy