Skip to main content
CVE-2020-9472 MEDIUM POC PATCH This Month

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Umbraco Cms
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-1753 MEDIUM POC PATCH This Month

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Ansible Engine Ansible Tower Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-7608 MEDIUM POC PATCH This Month

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Yargs Parser
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-1735 MEDIUM POC PATCH This Month

A flaw was found in the Ansible Engine when the fetch module is used. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Ansible Tower Cloudforms Management Engine Openstack +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-7916 MEDIUM This Month

be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP Learnpress
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-6584 MEDIUM This Month

Nagios Log Server 2.1.3 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2020-10242 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-6175 MEDIUM This Month

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Citrix Sd Wan Center Netscaler Sd Wan Center
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-6586 MEDIUM This Month

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios
NVD
CVSS 3.1
5.4
EPSS
27.3%
CVE-2020-10240 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-9518 MEDIUM This Month

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-9519 MEDIUM This Month

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-1740 MEDIUM PATCH This Month

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. Rated medium severity (CVSS 4.7). No vendor patch available.

Hashicorp Information Disclosure Ansible Ansible Tower Cloudforms Management Engine +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy