Skip to main content
CVE-2020-6816 MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-6802 MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-10385 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
4.4%
CVE-2020-10942 MEDIUM POC PATCH This Month

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. Rated medium severity (CVSS 5.3). Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Leap +2
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-10847 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2020-10839 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2020-10844 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-10845 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Samsung Information Disclosure Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-10570 MEDIUM This Month

The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Telegram
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-10941 MEDIUM This Month

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mbed Crypto Mbed Tls Fedora Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-1744 MEDIUM PATCH This Month

A flaw was found in keycloak before version 9.0.1. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.6
EPSS
1.1%
CVE-2020-10846 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-10853 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-10834 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-4309 MEDIUM PATCH This Month

IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-9359 MEDIUM PATCH This Month

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

RCE Okular Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-10855 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) software. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy