Skip to main content
CVE-2020-15018 MEDIUM POC This Month

playSMS through 1.4.3 is vulnerable to session fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Playsms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-15015 MEDIUM POC This Month

The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fileultimate
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14018 MEDIUM POC This Month

An issue was discovered in Navigate CMS 2.9 r1433. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Navigate Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-13483 MEDIUM POC This Month

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bitrix24
NVD GitHub
CVSS 3.1
6.1
EPSS
4.5%
CVE-2020-12866 MEDIUM POC This Month

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sane Backends Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.7
EPSS
1.0%
CVE-2020-15038 MEDIUM POC This Month

The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Coming Soon Page Under Construction Maintenance Mode
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.8%
CVE-2020-13248 MEDIUM POC This Month

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boolebox
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14014 MEDIUM POC This Month

An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Navigate Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-14007 MEDIUM POC This Month

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Orion Network Performance Monitor Orion Web Performance Monitor
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-14006 MEDIUM POC This Month

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Orion Network Performance Monitor Orion Web Performance Monitor
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-15006 MEDIUM POC This Month

Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bludit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14016 MEDIUM POC This Month

An issue was discovered in Navigate CMS 2.9 r1433. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Navigate Cms
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-15026 MEDIUM POC This Month

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Bludit
NVD GitHub
CVSS 3.1
4.9
EPSS
1.3%
CVE-2020-15041 MEDIUM POC This Month

PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-12864 MEDIUM POC This Month

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Sane Backends Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-12863 MEDIUM POC This Month

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Sane Backends Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-12862 MEDIUM POC This Month

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Sane Backends Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-10277 MEDIUM This Month

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-4323 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4413 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4342 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4341 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4327 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-15025 MEDIUM PATCH This Month

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Ntp Leap Cloud Backup Steelstore Cloud Integrated Storage +12
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2020-10278 MEDIUM This Month

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
4.6
EPSS
1.0%
CVE-2020-4322 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-15011 MEDIUM PATCH This Month

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Mailman Ubuntu Linux Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy