Skip to main content
CVE-2020-5188 MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-8130 MEDIUM POC PATCH This Month

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Rake Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-9382 MEDIUM POC PATCH This Month

An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Widgets
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-5186 MEDIUM POC This Month

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-1935 MEDIUM PATCH This Month

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Request Smuggling Tomcat Information Disclosure Debian Linux +18
NVD
CVSS 3.1
4.8
EPSS
9.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy