31 matches found
CVE-2020-37228
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
EUVD-2020-31229
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
CVE-2020-37228
The CVE-2020-37228 entry concerns iDS6 DSSPro Digital Signage System 6.2, where a CAPTCHA security bypass allows authentication bypass by requesting the autoLoginVerifyCode object. Attackers can obtain valid CAPTCHA codes via the login endpoint and use them to brute-force user accounts. The vulne...
PT-2026-41428
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...
CVE-2020-36918
CVE-2020-36918 affects the iDS6 DSSPro Digital Signage System v6.2. It describes a cross-site request forgery (CSRF) where an attacker can induce susceptible admins to perform actions (e.g., add unauthorized users) without proper request validation by crafting malicious pages. The vulnerability s...
CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...
PT-2026-1452
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...
CVE-2020-36900
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...
CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...
Narkom Pyxis Signage Cross-Site Scripting Vulnerability
Narkom Pyxis Signage is a digital notice screen management system from Narkom Turkey. A cross-site scripting vulnerability exists in Narkom Pyxis Signage 31012025 and earlier versions, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...
Weak password vulnerability in StarNet Ruijie's digital signage
Starnet Ruijie Digital Signage is a digital signage information platform that effectively responds to the complex information distribution environment of decentralization, fragmentation and mobility. A weak password vulnerability exists in Starnet Digital Signage, which can be exploited by an...
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...
iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation
Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...
iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF)
Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...
B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin)
Exploit Title: B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery Add Maintenance Admin Date: 2020-09-16 Exploit Author: LiquidWorm Vendor Homepage: https://www.b-swiss.com Version: 3.6.5 Affected version: 3.6.5,3.6.2,3.6.1,3.6.0,3.5.80,3.5.40,3.5.20,3.5.00,3.2.00,3.1.00 !--...
B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure
Exploit Title: B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure Date: 2020-09-16 Exploit Author: LiquidWorm Vendor Homepage: https://www.b-swiss.com Version: 3.6.5 Affected version: 3.6.5,3.6.2,3.6.1,3.6.0,3.5.80,3.5.40,3.5.20,3.5.00,3.2.00,3.1.00 B-swiss 3 Digital Signage System 3.6....
B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution
Exploit Title: B-swiss 3 Digital Signage System 3.6.5 - Remote Code Execution Date: 2020-08-27 Exploit Author: LiquidWorm Vendor Homepage: https://www.b-swiss.com Version: = 3.6.5 CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code...