Skip to main content
CVE-2020-13157 MEDIUM POC This Month

modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13156 MEDIUM POC This Month

modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nukeviet
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-14976 MEDIUM POC PATCH This Month

GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2.1.17, allows a local attacker to read arbitrary files because it handles configuration-file errors by printing the configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple Ubridge
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14073 MEDIUM POC This Month

XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prtg Network Monitor
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2020-9438 MEDIUM This Month

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Smart Wifi Door Lock Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-5345 MEDIUM This Month

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unisphere For Powermax Emc Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4188 MEDIUM This Month

IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4028 MEDIUM This Month

Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Jira Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14965 MEDIUM This Month

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS CSRF TP-Link Tl Wr740N Firmware Tl Wr740Nd Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy