Skip to main content
CVE-2020-15600 MEDIUM POC This Month

An issue was discovered in CMSUno before 1.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cmsuno
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-15599 MEDIUM POC This Month

Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Victor Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-11882 MEDIUM POC This Month

The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect O2 Business
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-15037 MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15036 MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15392 MEDIUM POC This Month

A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supravizio Bpm
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-15096 MEDIUM PATCH This Month

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-15509 MEDIUM PATCH This Month

Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android Ble Library Dfu Library
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10730 MEDIUM This Month

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Red Hat Samba +4
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-15566 MEDIUM This Month

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15564 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15563 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Debian Linux Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-15575 MEDIUM This Month

SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serv U
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-15573 MEDIUM This Month

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serv U
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-8916 MEDIUM PATCH This Month

A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Wpantund
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15584 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15583 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-15582 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15580 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-15578 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-15577 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-15035 MEDIUM PATCH This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15034 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15033 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15032 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15031 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15030 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15029 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15028 MEDIUM This Month

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15517 MEDIUM PATCH This Month

The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Faceted Search
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15516 MEDIUM This Month

The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Mm Forum
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-15514 MEDIUM PATCH This Month

The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jh Captcha
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15581 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2020-15525 MEDIUM This Month

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-15513 MEDIUM PATCH This Month

The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Typo3 Forum
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-15095 MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. Rated medium severity (CVSS 4.4).

Node.js Information Disclosure npm Leap Fedora
NVD GitHub
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy