Skip to main content
CVE-2020-9473 MEDIUM POC This Month

The S. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Sg 150 0 Firmware
NVD
CVSS 3.1
6.6
EPSS
1.0%
CVE-2020-11591 MEDIUM POC This Month

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11590 MEDIUM POC This Month

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11588 MEDIUM POC This Month

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cipace
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7639 MEDIUM POC PATCH This Month

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dot
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-7638 MEDIUM POC PATCH This Month

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Confinit
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7637 MEDIUM POC PATCH This Month

class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Class Transformer
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-11585 MEDIUM POC This Month

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dotnetnuke
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-11565 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.6.2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-11102 MEDIUM This Month

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-1728 MEDIUM This Month

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Quarkus
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-5300 MEDIUM PATCH This Month

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Hydra
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy