Skip to main content
CVE-2020-8466 CRITICAL POC THREAT Act Now

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
63.7%
CVE-2020-8465 CRITICAL POC Act Now

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro CSRF Authentication Bypass Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-22083 CRITICAL POC PATCH Act Now

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Jsonpickle
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2020-25094 CRITICAL POC Act Now

LogRhythm Platform Manager 7.4.9 allows Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Platform Manager
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2020-35489 CRITICAL Act Now

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE Contact Form 7
NVD WPScan
CVSS 3.1
10.0
EPSS
89.6%
CVE-2020-12522 CRITICAL Act Now

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pfc 100 Firmware Pfc 200 Firmware Touch Panel 600 Standard Firmware Touch Panel 600 Advanced Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-12519 CRITICAL Act Now

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Plcnext Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-35545 CRITICAL Act Now

Time-based SQL injection exists in Spotweb 1.4.9 via the query string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Spotweb
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-26276 CRITICAL PATCH Act Now

Fleet is an open source osquery manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mattermost Authentication Bypass Fleet
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-25011 CRITICAL Act Now

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kps2204 6 Port Managed Din Rail Programmable Serial Device Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-25010 CRITICAL Act Now

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Kps2204 6 Port Managed Din Rail Programmable Serial Device Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-35197 CRITICAL Act Now

The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Memcached Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35196 CRITICAL Act Now

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Rabbitmq Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-35195 CRITICAL Act Now

The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Haproxy Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35192 CRITICAL Act Now

The official vault docker images before 0.11.6 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Docker Authentication Bypass Vault
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-35191 CRITICAL Act Now

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Drupal Docker Images
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-35190 CRITICAL Act Now

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Plone
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35186 CRITICAL Act Now

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Adminer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-35184 CRITICAL Act Now

The official composer docker images before 1.8.3 contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Composer Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-35189 CRITICAL Act Now

The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Kong Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35187 CRITICAL Act Now

The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Telegraf
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-35185 CRITICAL Act Now

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Ghost Alpine Docker Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-12523 CRITICAL Act Now

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Fl Mguard Rs4004 Tx Dtx Firmware Fl Mguard Rs4004 Tx Dtx Vpn Firmware +5
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2020-12517 CRITICAL Act Now

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Plcnext Firmware
NVD
CVSS 3.1
9.0
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy