Skip to main content
CVE-2020-8140 MEDIUM POC This Month

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nextcloud Code Injection Apple Desktop
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-8138 MEDIUM POC This Month

A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud SSRF Nextcloud Server
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-10558 MEDIUM POC This Month

The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Model 3 Web Interface
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-9345 MEDIUM POC This Month

An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Signopad Api Web
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9343 MEDIUM POC This Month

An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Signopad Api Web
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-9344 MEDIUM POC This Month

Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subversion Application Lifecycle Management
NVD
CVSS 3.1
6.1
EPSS
5.2%
CVE-2020-10681 MEDIUM POC This Month

The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-1796 MEDIUM This Month

There is an improper authorization vulnerability in several smartphones. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2020-8139 MEDIUM This Month

A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-10194 MEDIUM PATCH This Month

cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass Zm Mailbox
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-1878 MEDIUM This Month

Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Oxfords An00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1696 MEDIUM This Month

A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Certificate System Dogtagpki
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-1794 MEDIUM This Month

There is an improper authentication vulnerability in several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-1793 MEDIUM This Month

There is an improper authentication vulnerability in several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Mate 20 Firmware Mate 30 Pro Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-8883 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
4.3
EPSS
8.4%
CVE-2020-8879 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
4.3
EPSS
8.2%
CVE-2020-8877 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
4.3
EPSS
8.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy