Skip to main content
CVE-2020-11854 CRITICAL POC THREAT Emergency

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Application Performance Management Operations Bridge Operations Bridge Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
74.2%
CVE-2020-27160 CRITICAL POC Act Now

Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-27159 CRITICAL POC Act Now

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-27158 CRITICAL POC Act Now

Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2020-25765 CRITICAL POC Act Now

Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2020-27853 CRITICAL POC Act Now

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Denial Of Service Wire Wire Audio Video And Signaling +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-9866 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Mac Os X
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12830 CRITICAL Act Now

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-10256 CRITICAL Act Now

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface Scim
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-27183 CRITICAL Act Now

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-27179 CRITICAL Act Now

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publixone
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy