Skip to main content
CVE-2020-26879 CRITICAL POC THREAT Act Now

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ruckus Vriot
NVD
CVSS 3.1
9.8
EPSS
42.5%
CVE-2020-18766 CRITICAL POC Act Now

A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Antsword
NVD GitHub
CVSS 3.1
9.6
EPSS
1.1%
CVE-2020-27743 CRITICAL Act Now

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pam Tacplus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7197 CRITICAL PATCH Act Now

SSMC3.7.0.0 is vulnerable to remote authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Storeserv Management Console
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7127 CRITICAL Act Now

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Airwave Glass
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-7124 CRITICAL Act Now

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Airwave Glass
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-27678 CRITICAL PATCH Act Now

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Illumos Smartos Omnios
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-15272 CRITICAL PATCH Act Now

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Git Tag Annotation Action
NVD GitHub
CVSS 3.1
9.6
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy