Skip to main content
CVE-2020-13865 MEDIUM POC This Month

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Elementor Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13864 MEDIUM POC This Month

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Elementor Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12849 MEDIUM POC This Month

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12848 MEDIUM POC This Month

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-13868 MEDIUM PATCH This Month

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comments
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-10068 MEDIUM PATCH This Month

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-8555 MEDIUM PATCH This Month

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes SSRF Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
3.7%
CVE-2020-11696 MEDIUM This Month

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11697 MEDIUM This Month

In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13867 MEDIUM This Month

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Targetcli Fb Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13843 MEDIUM This Month

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-13870 MEDIUM PATCH This Month

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comments
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13869 MEDIUM PATCH This Month

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Comments
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-9074 MEDIUM This Month

Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor 20 Pro Firmware Honor View 20 Firmware Honor 20 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-1883 MEDIUM This Month

Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy