Skip to main content
CVE-2020-27655 CRITICAL POC Act Now

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2020-27998 CRITICAL POC PATCH Act Now

An issue was discovered in FastReport before 2020.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fastreport
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-27744 CRITICAL POC Act Now

An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection My Cloud Firmware
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2020-27654 CRITICAL POC Act Now

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-7746 CRITICAL POC PATCH Act Now

This affects the package chart.js before 2.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Chart Js
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-27649 CRITICAL POC Act Now

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2020-27648 CRITICAL POC Act Now

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Diskstation Manager Skynas Firmware
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2020-27886 CRITICAL PATCH Act Now

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Eyesofnetwork
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-27995 CRITICAL Act Now

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SQLi Manageengine Applications Manager
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2020-11486 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nvidia Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-11483 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Information Disclosure Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy