Skip to main content
CVE-2020-15299 MEDIUM POC THREAT This Month

A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Kingcomposer
NVD
CVSS 3.1
6.1
EPSS
47.0%
CVE-2020-13992 MEDIUM POC This Month

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mods For Hesk
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-15001 MEDIUM POC This Month

An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Yubikey 5 Nfc Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-12405 MEDIUM POC This Month

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-7693 MEDIUM POC PATCH This Month

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Sockjs
NVD GitHub
CVSS 3.1
5.3
EPSS
5.0%
CVE-2020-13132 MEDIUM POC This Month

An issue was discovered in Yubico libykpiv before 2.1.0. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libykpiv Piv Tool Manager Yubikey Smart Card Minidriver
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2020-13131 MEDIUM POC This Month

An issue was discovered in Yubico libykpiv before 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libykpiv Piv Tool Manager Yubikey Smart Card Minidriver
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-14171 MEDIUM This Month

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Bitbucket
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-10756 MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Libslirp Openstack Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12425 MEDIUM This Month

Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-12421 MEDIUM This Month

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-12418 MEDIUM This Month

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox Firefox Esr +3
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2020-12415 MEDIUM This Month

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-12414 MEDIUM This Month

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12408 MEDIUM This Month

When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12407 MEDIUM This Month

Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-5366 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Idrac9 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-12424 MEDIUM This Month

When constructing a permission prompt for WebRTC, a URI was supplied from the content process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-15000 MEDIUM This Month

A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Yubikey 5 Nfc Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-15526 MEDIUM This Month

In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration >. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure VMware Sql Monitor
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-15092 MEDIUM PATCH This Month

In TimelineJS before version 3.7.0, some user data renders as HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google WordPress Timelinejs
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-12402 MEDIUM This Month

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. Rated medium severity (CVSS 4.4). No vendor patch available.

Mozilla Information Disclosure Firefox Fedora Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-12399 MEDIUM This Month

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. Rated medium severity (CVSS 4.4). No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2020-4173 MEDIUM This Month

IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Insights Infosphere Guardium Activity Monitor
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-14170 MEDIUM This Month

Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian SSRF Bitbucket
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12412 MEDIUM This Month

By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-12404 MEDIUM This Month

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Apple Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy