Skip to main content
CVE-2020-15693 MEDIUM POC PATCH This Month

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Nim
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-12648 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tinymce
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-17473 MEDIUM This Month

Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zkbiosecurity Server Facedepot 7B Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-9229 MEDIUM This Month

FusionCompute 8.0.0 has an information disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-15141 MEDIUM PATCH This Month

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Python Path Traversal Openapi Python Client
NVD GitHub
CVSS 3.1
4.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy