Skip to main content
CVE-2020-10148 CRITICAL POC KEV THREAT Emergency

SolarWinds Orion API contains an authentication bypass that allows unauthenticated remote attackers to execute API commands, related to the massive SUNBURST supply chain attack discovered in December 2020.

NVD
CVSS 3.1
9.8
EPSS
94.3%
Threat
9.8
CVE-2020-10210 CRITICAL POC Act Now

Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10207 CRITICAL POC Act Now

Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-28283 CRITICAL POC Act Now

Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Libnested
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-28282 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Getobject
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-28281 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Set Object Value
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-28280 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Predefine
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28279 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Flattenizer
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-28278 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Shvl
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28277 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Dset
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-28276 CRITICAL POC Act Now

Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Deep Set
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-35769 CRITICAL PATCH Act Now

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Webmin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy