Skip to main content
CVE-2020-15091 MEDIUM POC PATCH This Month

TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Tendermint
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8176 MEDIUM POC PATCH This Month

A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Koa Shopify Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4061 MEDIUM POC PATCH This Month

In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-15081 MEDIUM POC PATCH This Month

In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Prestashop
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-8166 MEDIUM POC PATCH This Month

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rails Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-9498 MEDIUM This Month

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. Rated medium severity (CVSS 6.7). No vendor patch available.

Buffer Overflow Apache Memory Corruption RCE Guacamole +2
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-8185 MEDIUM PATCH This Month

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails Fedora
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-3391 MEDIUM This Month

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Digital Network Architecture Center
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15083 MEDIUM PATCH This Month

In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13653 MEDIUM This Month

An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-2217 MEDIUM This Month

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Compatibility Action Storage
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-2207 MEDIUM PATCH This Month

Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Vncviewer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-2206 MEDIUM PATCH This Month

Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Vncrecorder
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3282 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service Unity Connection
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15079 MEDIUM PATCH This Month

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Prestashop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-11074 MEDIUM PATCH This Month

In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2219 MEDIUM This Month

Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Link Column
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2214 MEDIUM PATCH This Month

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Zap Pipeline
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2204 MEDIUM PATCH This Month

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Fortify On Demand
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-2201 MEDIUM PATCH This Month

Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Sonargraph Integration
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5909 MEDIUM This Month

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Controller
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-15080 MEDIUM PATCH This Month

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-2205 MEDIUM PATCH This Month

Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Vncrecorder
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-3340 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-9497 MEDIUM This Month

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. Rated medium severity (CVSS 4.4). No vendor patch available.

Apache Information Disclosure Guacamole Fedora Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.8%
CVE-2020-2216 MEDIUM This Month

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Authentication Bypass Zephyr For Jira Test Management
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2215 MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jenkins Zephyr For Jira Test Management
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2213 MEDIUM PATCH This Month

Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure White Source
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2212 MEDIUM This Month

Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Coverage Reporter
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2210 MEDIUM This Month

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Stash Branch Parameter
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2209 MEDIUM PATCH This Month

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Testcomplete Support
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2208 MEDIUM This Month

Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Slack Upload
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2203 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Fortify On Demand
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2202 MEDIUM PATCH This Month

A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Fortify On Demand
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-8179 MEDIUM This Month

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Deck
NVD
CVSS 3.1
4.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy