Skip to main content
CVE-2020-8791 MEDIUM POC This Month

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oklok
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-12626 MEDIUM POC PATCH This Month

An issue was discovered in Roundcube Webmail before 1.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Webmail Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-12625 MEDIUM POC PATCH This Month

An issue was discovered in Roundcube Webmail before 1.4.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Webmail Debian Linux Backports Sle +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-12475 MEDIUM POC This Month

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Path Traversal Omada Controller
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-12629 MEDIUM POC PATCH This Month

include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Osticket
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-10933 MEDIUM POC This Month

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruby Fedora Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-8792 MEDIUM POC This Month

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Oklok
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-10717 MEDIUM PATCH This Month

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-5337 MEDIUM This Month

RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Archer
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5336 MEDIUM This Month

RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5334 MEDIUM This Month

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12639 MEDIUM This Month

phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phplist
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-8896 MEDIUM This Month

A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Google Earth
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-5331 MEDIUM This Month

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-10618 MEDIUM This Month

LCDS LAquis SCADA Versions 4.3.1 and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Laquis Scada
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-4209 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-10700 MEDIUM This Month

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Samba Fedora +1
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-10686 MEDIUM PATCH This Month

A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2020-12114 MEDIUM PATCH This Month

A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-5333 MEDIUM This Month

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-1732 MEDIUM PATCH This Month

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.

Authentication Bypass Soteria Jboss Enterprise Application Platform Jboss Enterprise Application Platform Continuous Delivery Openshift Application Runtimes
NVD GitHub
CVSS 3.1
4.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy