Skip to main content
CVE-2020-15926 MEDIUM POC PATCH This Month

Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-9415 MEDIUM This Month

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Virtualization Data Virtualization For Aws Marketplace
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-7019 MEDIUM PATCH This Month

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-14333 MEDIUM This Month

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy