Skip to main content
CVE-2020-15532 MEDIUM POC This Month

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Bluetooth Low Energy Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-13825 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Doit
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15634 MEDIUM This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2020-12619 MEDIUM This Month

MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mailmate
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-16280 MEDIUM This Month

Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rangeeos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15119 MEDIUM PATCH This Month

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lock
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-12618 MEDIUM This Month

eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Em Client
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-4687 MEDIUM This Month

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy