Skip to main content
CVE-2020-12131 MEDIUM POC This Month

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Airdisk Pro
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12130 MEDIUM POC This Month

The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Airdisk Pro
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12129 MEDIUM POC This Month

The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Airdisk Pro
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12135 MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie C Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-12063 MEDIUM POC This Month

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Postfix
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-11013 MEDIUM POC PATCH This Month

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
5.0
EPSS
1.3%
CVE-2020-7134 MEDIUM This Month

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hpe Iot Gcp
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4267 MEDIUM This Month

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-6213 MEDIUM This Month

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-12245 MEDIUM PATCH This Month

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Grafana
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-12137 MEDIUM This Month

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailman Debian Linux Fedora Ubuntu Linux +2
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2020-12132 MEDIUM This Month

Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S A M I
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-1741 MEDIUM This Month

A flaw was found in openshift-ansible. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-6212 MEDIUM This Month

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-6827 MEDIUM This Month

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox Esr
NVD
CVSS 3.1
4.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy