Skip to main content
CVE-2020-13231 MEDIUM POC This Month

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cacti Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-13152 MEDIUM POC This Month

A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Amarok
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.4%
CVE-2020-13240 MEDIUM POC This Month

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13239 MEDIUM POC This Month

The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13225 MEDIUM POC This Month

phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpipam
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-13230 MEDIUM POC This Month

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cacti Debian Linux Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-11078 MEDIUM PATCH This Month

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Httplib2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
2.6%
CVE-2020-4461 MEDIUM This Month

IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-5753 MEDIUM This Month

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Private Messenger Signal
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-10726 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Data Plane Development Kit Fedora Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy