Skip to main content
CVE-2020-29062 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29061 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29060 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29059 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29058 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29056 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-29054 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-28329 CRITICAL POC Act Now

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-28334 CRITICAL POC Act Now

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-28332 CRITICAL POC Act Now

Barco wePresent WiPG-1600W devices download code without an Integrity Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-28994 CRITICAL POC Act Now

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Karenderia Multiple Restaurant System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-13942 CRITICAL POC PATCH THREAT Act Now

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Code Injection Unomi
NVD
CVSS 3.1
9.8
EPSS
68.4%
CVE-2020-15929 CRITICAL POC Act Now

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Testbox
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-7378 CRITICAL POC Act Now

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD
CVSS 3.1
9.1
EPSS
2.6%
CVE-2020-13620 HIGH POC This Week

Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fastgate Gpon Fga2130Fwb Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-29063 HIGH POC This Week

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-29057 HIGH POC This Week

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-24815 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Microstrategy
NVD VulDB
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-28330 MEDIUM POC This Month

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29053 MEDIUM POC This Month

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrsale
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29006 CRITICAL PATCH Act Now

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-29055 MEDIUM POC This Month

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-25159 CRITICAL Act Now

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow 499Es Ethernet Ip Adaptor Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28333 CRITICAL Act Now

Barco wePresent WiPG-1600W devices allow Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-4001 CRITICAL Act Now

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Orchestrator
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-25475 CRITICAL Act Now

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP News Script Php Pro
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-28991 CRITICAL PATCH Act Now

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitea Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-29003 MEDIUM POC This Month

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15928 MEDIUM POC This Month

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Testbox
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-29040 HIGH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-4000 HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
43.0%
CVE-2020-3985 HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-29002 MEDIUM POC PATCH This Month

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-26237 HIGH PATCH This Week

Highlight.js is a syntax highlighter written in JavaScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Highlight Js Debian Linux Mysql Enterprise Monitor
NVD GitHub
CVSS 3.1
8.7
EPSS
1.3%
CVE-2020-5674 HIGH This Week

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Album Print Color Calibration Utility Colorbase Colorio Easy Print +29
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-28331 HIGH This Week

Barco wePresent WiPG-1600W devices have Improper Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-26890 HIGH PATCH This Week

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-25654 HIGH This Week

An ACL bypass flaw was found in pacemaker. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pacemaker Debian Linux
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2020-4002 HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Orchestrator
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-4003 MEDIUM This Month

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi VMware Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-3984 MEDIUM This Month

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
22.4%
CVE-2020-25473 MEDIUM This Month

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP News Script Php Pro
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-25472 MEDIUM This Month

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP News Script Php Pro
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs108Ev3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-28348 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Docker Path Traversal Nomad
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-28726 MEDIUM PATCH This Month

Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect PHP Seeddms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25474 MEDIUM This Month

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP News Script Php Pro
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-28928 MEDIUM PATCH This Month

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Musl Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-10763 MEDIUM PATCH This Month

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Heketi Gluster Storage Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10762 MEDIUM This Month

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gluster Block
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy