Skip to main content
CVE-2020-13426 MEDIUM POC This Month

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Multi Scheduler
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14973 MEDIUM POC This Month

The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-13427 MEDIUM POC PATCH This Month

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Victorcms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-14202 MEDIUM POC This Month

WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webfocus Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14943 MEDIUM POC This Month

The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.7%
CVE-2020-13480 MEDIUM POC This Month

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Workforce Optimization
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-14962 MEDIUM POC This Month

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Image Photo Gallery Final Tiles Grid
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14959 MEDIUM POC This Month

Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Testimonials
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-14946 MEDIUM POC This Month

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bsa Radar
NVD GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
7.7%
CVE-2020-4033 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-4030 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-11099 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Fedora +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11098 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-11096 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-14981 MEDIUM This Month

The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Apple Password Vault
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-14980 MEDIUM This Month

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Sophos Information Disclosure Sophos Secure Email
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-7262 MEDIUM This Month

Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-11097 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11095 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-1727 MEDIUM This Month

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-9288 MEDIUM This Month

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortiwlc
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4070 MEDIUM PATCH This Month

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Css Validator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13888 MEDIUM This Month

Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Kordil Edms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14961 MEDIUM PATCH This Month

Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4060 MEDIUM This Month

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Denial Of Service Memory Corruption Lora Basics Station
NVD GitHub
CVSS 3.1
5.0
EPSS
0.9%
CVE-2020-4032 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freerdp Fedora Leap Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy