Skip to main content
CVE-2020-9279 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-9277 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-9275 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-9278 CRITICAL POC Act Now

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsl 2640B Firmware
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2020-9276 HIGH POC This Week

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption D-Link Dsl 2640B Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-11888 MEDIUM POC PATCH This Month

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Python Markdown2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-11930 MEDIUM POC PATCH This Month

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Translate Wordpress With Gtranslate
NVD
CVSS 3.1
6.1
EPSS
4.5%
CVE-2020-11928 CRITICAL Act Now

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Media Library Assistant
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-10935 MEDIUM POC This Month

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11010 HIGH PATCH This Week

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Tortoise Orm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-11753 HIGH PATCH This Week

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Nexus Repository Manager 3
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-5569 HIGH This Week

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Password Tool For Windows
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2020-11946 HIGH This Week

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Opmanager
NVD
CVSS 3.1
7.5
EPSS
51.8%
CVE-2020-3946 HIGH This Week

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Installbuilder
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-5293 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5288 MEDIUM PATCH This Month

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5287 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-5279 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-11944 MEDIUM PATCH This Month

Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bitcoin Abe
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-9445 MEDIUM This Month

Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9444 MEDIUM This Month

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5286 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5285 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5278 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5276 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5272 MEDIUM PATCH This Month

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5271 MEDIUM PATCH This Month

In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5270 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Open Redirect Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5269 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5265 MEDIUM PATCH This Month

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5264 MEDIUM PATCH This Month

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9070 MEDIUM This Month

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Taurus Al00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-1803 MEDIUM This Month

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Honor V20 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy