Skip to main content
CVE-2020-13871 HIGH POC PATCH This Week

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Sqlite Fedora +10
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-13890 MEDIUM POC This Month

The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Neon
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13889 MEDIUM POC This Month

showAlert() in the administration panel in Bludit 3.12.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-13881 HIGH PATCH This Week

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pam Tacplus Debian Linux Ubuntu Linux Cloudvision Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-13883 MEDIUM This Month

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Microgateway Identity Server As Key Manager
NVD
CVSS 3.1
6.7
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy