| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10148 | Cri | 0.83 | 9.8 | 0.92 | KEV | Dec 29, 2020 | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds… | |
| CVE-2020-28283 | — | Cri | 0.64 | 9.8 | 0.03 | Dec 29, 2020 | Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-28282 | — | Cri | 0.64 | 9.8 | 0.04 | Dec 29, 2020 | Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-28281 | — | Cri | 0.64 | 9.8 | 0.04 | Dec 29, 2020 | Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-28280 | — | Cri | 0.57 | 9.8 | 0.03 | Dec 29, 2020 | Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-28279 | — | Cri | 0.57 | 9.8 | 0.03 | Dec 29, 2020 | Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-28278 | Cri | 0.57 | 9.8 | 0.03 | Dec 29, 2020 | Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||
| CVE-2020-28277 | — | Cri | 0.57 | 9.8 | 0.03 | Dec 29, 2020 | Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-28276 | — | Cri | 0.64 | 9.8 | 0.03 | Dec 29, 2020 | Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-35769 | Cri | 0.57 | 9.8 | 0.02 | Dec 29, 2020 | miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | ||
| CVE-2020-27172 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2020 | An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges. | ||
| CVE-2020-35613 | Cri | 0.66 | 9.8 | 0.28 | Dec 28, 2020 | An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. | ||
| CVE-2020-26290 | Cri | 0.54 | 9.3 | 0.01 | Dec 28, 2020 | Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the… | ||
| CVE-2020-26030 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2020 | An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. | ||
| CVE-2020-35729 | Cri | 0.74 | 9.8 | 0.88 | Dec 27, 2020 | KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | ||
| CVE-2020-35245 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2020 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. | ||
| CVE-2020-35244 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2020 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | ||
| CVE-2020-35243 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2020 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. | ||
| CVE-2020-35242 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2020 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. | ||
| CVE-2020-29203 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2020 | struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. | ||
| CVE-2020-35364 | Cri | 0.64 | 9.8 | 0.02 | Dec 26, 2020 | Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. | ||
| CVE-2020-35575 | Cri | 0.64 | 9.8 | 0.08 | Dec 26, 2020 | A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500,… | ||
| CVE-2020-35713 | Cri | 0.66 | 9.8 | 0.33 | Dec 26, 2020 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | ||
| CVE-2020-35712 | Cri | 0.64 | 9.8 | 0.02 | Dec 26, 2020 | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | ||
| CVE-2020-26282 | Cri | 0.58 | 10.0 | 0.05 | Dec 24, 2020 | BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template… | ||
| CVE-2020-29474 | Cri | 0.64 | 9.8 | 0.04 | Dec 24, 2020 | EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | ||
| CVE-2020-29472 | Cri | 0.64 | 9.8 | 0.04 | Dec 24, 2020 | EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. | ||
| CVE-2020-28188 | Cri | 0.74 | 9.8 | 0.97 | Dec 24, 2020 | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. | ||
| CVE-2020-28187 | Cri | 0.65 | 9.8 | 0.16 | Dec 24, 2020 | Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php,… | ||
| CVE-2020-2503 | Cri | 0.59 | 9.0 | 0.01 | Dec 24, 2020 | If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | ||
| CVE-2020-35665 | Cri | 0.73 | 9.8 | 0.78 | Dec 23, 2020 | An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | ||
| CVE-2020-28074 | Cri | 0.64 | 9.8 | 0.02 | Dec 23, 2020 | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. | ||
| CVE-2020-28073 | Cri | 0.64 | 9.8 | 0.03 | Dec 23, 2020 | SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. | ||
| CVE-2020-28070 | Cri | 0.66 | 9.8 | 0.23 | Dec 23, 2020 | SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter. | ||
| CVE-2020-13968 | Cri | 0.64 | 9.8 | 0.01 | Dec 23, 2020 | CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. | ||
| CVE-2020-29552 | Cri | 0.64 | 9.8 | 0.05 | Dec 23, 2020 | An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root. | ||
| CVE-2020-29551 | Cri | 0.59 | 9.1 | 0.03 | Dec 23, 2020 | An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php,… | ||
| CVE-2020-11720 | Cri | 0.64 | 9.8 | 0.02 | Dec 23, 2020 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this… | ||
| CVE-2020-25196 | Cri | 0.64 | 9.8 | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | ||
| CVE-2020-25153 | Cri | 0.64 | 9.8 | 0.01 | Dec 23, 2020 | The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | ||
| CVE-2020-29583 | Cri | 0.83 | 9.8 | 0.90 | KEV | Dec 22, 2020 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin… | |
| CVE-2020-25066 | Cri | 0.65 | 10.0 | 0.03 | Dec 22, 2020 | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. | ||
| CVE-2020-24683 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2020 | The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a… | ||
| CVE-2020-24675 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2020 | In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | ||
| CVE-2020-24673 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2020 | In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file… | ||
| CVE-2018-15632 | Cri | 0.59 | 9.1 | 0.01 | Dec 22, 2020 | Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | ||
| CVE-2020-8995 | Cri | 0.64 | 9.8 | 0.02 | Dec 21, 2020 | Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools. | ||
| CVE-2020-11717 | Cri | 0.64 | 9.8 | 0.02 | Dec 21, 2020 | An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. | ||
| CVE-2020-35605 | Cri | 0.00 | 9.8 | 0.04 | Dec 21, 2020 | The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | ||
| CVE-2020-35604 | Cri | 0.64 | 9.8 | 0.02 | Dec 21, 2020 | An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. |
- risk 0.83cvss 9.8epss 0.92
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds…
- risk 0.64cvss 9.8epss 0.03
Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.04
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.04
Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 9.8epss 0.03
Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 9.8epss 0.03
Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 9.8epss 0.03
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 9.8epss 0.03
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.03
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 9.8epss 0.02
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.
- risk 0.66cvss 9.8epss 0.28
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
- risk 0.54cvss 9.3epss 0.01
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
- risk 0.74cvss 9.8epss 0.88
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
- risk 0.64cvss 9.8epss 0.01
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.
- risk 0.64cvss 9.8epss 0.01
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
- risk 0.64cvss 9.8epss 0.01
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.
- risk 0.64cvss 9.8epss 0.01
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.
- risk 0.64cvss 9.8epss 0.01
struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT.
- risk 0.64cvss 9.8epss 0.02
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
- risk 0.64cvss 9.8epss 0.08
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500,…
- risk 0.66cvss 9.8epss 0.33
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
- risk 0.64cvss 9.8epss 0.02
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
- risk 0.58cvss 10.0epss 0.05
BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template…
- risk 0.64cvss 9.8epss 0.04
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.04
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
- risk 0.74cvss 9.8epss 0.97
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
- risk 0.65cvss 9.8epss 0.16
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php,…
- risk 0.59cvss 9.0epss 0.01
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
- risk 0.73cvss 9.8epss 0.78
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
- risk 0.64cvss 9.8epss 0.02
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.
- risk 0.64cvss 9.8epss 0.03
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.
- risk 0.66cvss 9.8epss 0.23
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.
- risk 0.64cvss 9.8epss 0.01
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.
- risk 0.59cvss 9.1epss 0.03
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php,…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this…
- risk 0.64cvss 9.8epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
- risk 0.64cvss 9.8epss 0.01
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
- risk 0.83cvss 9.8epss 0.90
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin…
- risk 0.65cvss 10.0epss 0.03
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a…
- risk 0.64cvss 9.8epss 0.01
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.
- risk 0.64cvss 9.8epss 0.01
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file…
- risk 0.59cvss 9.1epss 0.01
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.
- risk 0.64cvss 9.8epss 0.02
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.
- risk 0.00cvss 9.8epss 0.04
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
- risk 0.64cvss 9.8epss 0.02
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.