Skip to main content
CVE-2020-11106 MEDIUM POC This Month

An issue was discovered in Responsive Filemanager through 9.14.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Responsive Filemanager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-5725 MEDIUM POC This Month

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ucm6202 Firmware Ucm6204 Firmware Ucm6208 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2020-10560 MEDIUM POC This Month

An issue was discovered in Open Source Social Network (OSSN) through 5.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure PHP Open Source Social Network
NVD GitHub
CVSS 3.1
5.9
EPSS
3.8%
CVE-2020-11104 MEDIUM POC This Month

An issue was discovered in USC iLab cereal through 1.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cereal
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-5284 MEDIUM POC PATCH THREAT This Month

Next.js versions before 9.3.2 have a directory traversal vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Next Js
NVD GitHub
CVSS 3.1
4.3
EPSS
43.4%
CVE-2020-5289 MEDIUM PATCH This Month

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Elide
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-7599 MEDIUM PATCH This Month

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plugin Publishing
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-9055 MEDIUM This Month

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Lynx Customer Service Portal
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-5274 MEDIUM PATCH This Month

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Symfony
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-5255 MEDIUM PATCH This Month

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Symfony
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy