Skip to main content
CVE-2020-5290 MEDIUM POC This Month

In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Session Fixation Rctf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10864 MEDIUM POC This Month

An issue was discovered in Avast Antivirus before 20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-1943 MEDIUM POC THREAT This Month

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 3.1
6.1
EPSS
97.3%
CVE-2020-11457 MEDIUM POC PATCH This Month

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Pfsense
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
9.3%
CVE-2020-11456 MEDIUM POC PATCH THREAT This Month

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
70.8%
CVE-2020-7064 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Debian Linux Ubuntu Linux +2
NVD
CVSS 3.1
5.4
EPSS
4.3%
CVE-2020-11466 MEDIUM POC This Month

An issue was discovered in Deskpro before 2019.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deskpro
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-11464 MEDIUM POC This Month

An issue was discovered in Deskpro before 2019.8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deskpro
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-7066 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tenable Sc Leap Debian Linux
NVD
CVSS 3.1
4.3
EPSS
2.8%
CVE-2020-7263 MEDIUM This Month

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-8145 MEDIUM This Month

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Microsoft Information Disclosure Unifi Video
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-1958 MEDIUM PATCH This Month

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Druid
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2020-9770 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-8966 MEDIUM PATCH This Month

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10598 MEDIUM This Month

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pyxis Medstation Es Firmware Pyxis Anesthesia Station Es Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-1949 MEDIUM This Month

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sling Cms
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-3902 MEDIUM This Month

An input validation issue was addressed with improved input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Itunes +4
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-3884 MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Mac Os X
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-6753 MEDIUM This Month

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Login By Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-5392 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-3917 MEDIUM This Month

This issue was addressed with a new entitlement. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3914 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-3889 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3881 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1954 MEDIUM PATCH This Month

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Apache Information Disclosure Cxf Communications Diameter Signaling Router Communications Element Manager +7
NVD
CVSS 3.1
5.3
EPSS
6.1%
CVE-2020-1934 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Apache Information Disclosure Http Server Fedora Debian Linux +8
NVD
CVSS 3.1
5.3
EPSS
52.0%
CVE-2020-9781 MEDIUM This Month

The issue was addressed by clearing website permission prompts after navigation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-9777 MEDIUM This Month

An issue existed in the selection of video file by Mail. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-9775 MEDIUM This Month

An issue existed in the handling of tabs displaying picture in picture video. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-3916 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-3890 MEDIUM This Month

The issue was addressed with improved deletion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-11445 MEDIUM This Month

TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link Nc450 Firmware Nc260 Firmware Nc250 Firmware +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-10203 MEDIUM PATCH This Month

Sonatype Nexus Repository before 3.21.2 allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2018-11802 MEDIUM PATCH This Month

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Solr
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-9784 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-3888 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-3887 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-3885 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +4
NVD
CVSS 3.1
4.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy