Skip to main content
CVE-2020-12027 MEDIUM POC THREAT This Month

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Rockwell Information Disclosure Factorytalk View
NVD GitHub
CVSS 3.1
4.3
EPSS
53.0%
CVE-2020-15053 MEDIUM POC This Month

An issue was discovered in Artica Proxy CE before 4.28.030.418. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-7680 MEDIUM POC PATCH This Month

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Docsify
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.5%
CVE-2020-13932 MEDIUM PATCH This Month

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Artemis
NVD VulDB
CVSS 3.1
6.1
EPSS
2.6%
CVE-2020-14491 MEDIUM This Month

OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openclinic Ga
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-4466 MEDIUM PATCH This Month

IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq For Hpe Nonstop
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-6872 MEDIUM This Month

The server management software module of ZTE has a storage XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zte R8500G4 Firmware R5500G4 Firmware R5300G4 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4527 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure Planning Analytics
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-3442 MEDIUM PATCH This Month

The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Duoconnect
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2020-15118 MEDIUM PATCH This Month

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Python Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-15111 MEDIUM PATCH This Month

In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Fiber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-1776 MEDIUM PATCH This Month

When an agent user is renamed or set to invalid the session belonging to the user is keept active. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Otrs
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-4361 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy