Skip to main content
CVE-2020-29062 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29061 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29060 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29059 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29058 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-29056 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-29054 CRITICAL POC Act Now

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-28329 CRITICAL POC Act Now

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-28334 CRITICAL POC Act Now

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2020-28332 CRITICAL POC Act Now

Barco wePresent WiPG-1600W devices download code without an Integrity Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-28994 CRITICAL POC Act Now

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Karenderia Multiple Restaurant System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-13942 CRITICAL POC PATCH THREAT Act Now

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Code Injection Unomi
NVD
CVSS 3.1
9.8
EPSS
68.4%
CVE-2020-15929 CRITICAL POC Act Now

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Testbox
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.5%
CVE-2020-7378 CRITICAL POC Act Now

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD
CVSS 3.1
9.1
EPSS
2.6%
CVE-2020-29006 CRITICAL PATCH Act Now

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-25159 CRITICAL Act Now

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow 499Es Ethernet Ip Adaptor Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28333 CRITICAL Act Now

Barco wePresent WiPG-1600W devices allow Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-4001 CRITICAL Act Now

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Orchestrator
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-25475 CRITICAL Act Now

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP News Script Php Pro
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-28991 CRITICAL PATCH Act Now

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitea Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy