Skip to main content
CVE-2020-24055 CRITICAL POC Act Now

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption 5620Ptz Firmware 4320 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-24054 CRITICAL POC Act Now

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-24051 CRITICAL POC Act Now

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7710 CRITICAL POC Act Now

This affects all versions of package safe-eval. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Safe Eval
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-24589 CRITICAL POC PATCH THREAT Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Api Manager Api Microgateway
NVD
CVSS 3.1
9.1
EPSS
26.9%
CVE-2020-24052 CRITICAL POC Act Now

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-8234 CRITICAL Act Now

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Edgemax Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-15140 CRITICAL PATCH Act Now

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Red Discord Bot
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2020-24590 CRITICAL Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Microgateway
NVD
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy