Skip to main content
CVE-2020-7465 CRITICAL POC PATCH Act Now

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Memory Corruption Mpd +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-24218 CRITICAL POC Act Now

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-24217 CRITICAL POC THREAT Act Now

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Authentication Bypass Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware +5
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
40.3%
CVE-2020-24215 CRITICAL POC THREAT Act Now

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware H 264 Iptv Encoder 1080P 60Hz Firmware +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.8%
CVE-2020-24214 CRITICAL POC THREAT Act Now

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Iptv H 264 Video Encoder Firmware Iptv H 265 Video Encoder Firmware H 264 Iptv Encoder 1080P 60Hz Firmware Vecaster Hd H264 Firmware +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.4%
CVE-2020-26574 CRITICAL POC Act Now

Leostream Connection Broker 8.2.x is affected by stored XSS. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connection Broker
NVD
CVSS 3.1
9.6
EPSS
2.1%
CVE-2020-7741 CRITICAL PATCH Act Now

This affects the package hellojs before 1.18.6. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hello Js
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2020-26607 CRITICAL Act Now

An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-1907 CRITICAL Act Now

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Google +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-8782 CRITICAL Act Now

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Aleos
NVD
CVSS 3.1
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy