Skip to main content
CVE-2020-8615 MEDIUM POC This Month

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Tutor Lms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.8%
CVE-2020-8120 MEDIUM POC This Month

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nextcloud Nextcloud Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-8115 MEDIUM POC This Month

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Revive Adserver
NVD
CVSS 3.1
6.1
EPSS
7.1%
CVE-2020-8124 MEDIUM POC PATCH This Month

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Url Parse
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-8118 MEDIUM POC This Month

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud SSRF Nextcloud Server Backports Sle Suse Linux Enterprise Server
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2020-8123 MEDIUM POC PATCH This Month

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Strapi
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-8122 MEDIUM POC This Month

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-5236 MEDIUM PATCH This Month

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Waitress
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-3939 MEDIUM This Month

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Syuan Gu Da Shin
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8119 MEDIUM This Month

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-8117 MEDIUM This Month

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy