Skip to main content
CVE-2020-8994 MEDIUM POC This Month

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mdz 25 Dt Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-5405 MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Cloud Config
NVD
CVSS 3.1
6.5
EPSS
68.8%
CVE-2020-4083 MEDIUM POC This Month

HCL Connections 6.5 is vulnerable to possible information leakage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-4082 MEDIUM POC This Month

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-10107 MEDIUM POC This Month

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Daily Expense Tracker System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10100 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zammad
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-5250 MEDIUM PATCH This Month

In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2020-10103 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10099 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10098 MEDIUM PATCH This Month

An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zammad
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-10105 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10102 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-10097 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Zammad
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-10104 MEDIUM PATCH This Month

An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy