Skip to main content
CVE-2020-5767 MEDIUM POC This Month

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Email Subscribers Newsletters
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-15807 MEDIUM POC This Month

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-15497 MEDIUM POC This Month

jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-14928 MEDIUM POC PATCH This Month

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Evolution Data Server Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
5.9
EPSS
2.8%
CVE-2020-5769 MEDIUM POC This Month

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gateway Trb245 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-7696 MEDIUM POC PATCH This Month

This affects all versions of package react-native-fast-image. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure React Native Fast Image
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-5768 MEDIUM POC This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Email Subscribers Newsletters
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2020-0122 MEDIUM PATCH This Month

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-9259 MEDIUM This Month

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Honor V30 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-1651 MEDIUM This Month

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1641 MEDIUM This Month

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-0305 MEDIUM PATCH This Month

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition Privilege Escalation Android Leap
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-15803 MEDIUM PATCH This Month

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zabbix Fedora Debian Linux Backports +1
NVD
CVSS 3.1
6.1
EPSS
32.3%
CVE-2020-9485 MEDIUM PATCH This Month

An issue was found in Apache Airflow versions 1.10.10 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-15586 MEDIUM PATCH This Month

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Go Cf Deployment Routing Release +3
NVD
CVSS 3.1
5.9
EPSS
2.9%
CVE-2020-9255 MEDIUM This Month

Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 10 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9227 MEDIUM This Month

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Moana Al00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-0107 MEDIUM PATCH This Month

In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-1643 MEDIUM This Month

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Juniper Amd Junos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9649 MEDIUM This Month

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2020-4104 MEDIUM This Month

HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bigfix Webui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-11983 MEDIUM PATCH This Month

An issue was found in Apache Airflow versions 1.10.10 and below. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-1655 MEDIUM This Month

When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-5130 MEDIUM This Month

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-14039 MEDIUM PATCH This Month

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go Leap
NVD
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy