Skip to main content
CVE-2020-24609 MEDIUM POC This Month

TechKshetra Info Solutions Pvt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Savsoft Quiz
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.8%
CVE-2020-14042 MEDIUM POC This Month

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24242 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-24241 MEDIUM POC This Month

In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-17402 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-17398 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-17393 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-17391 MEDIUM This Month

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-7824 MEDIUM This Month

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ipecs
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-17386 MEDIUM This Month

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cellos
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5541 MEDIUM This Month

Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cybermail
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-5540 MEDIUM This Month

Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cybermail
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-17401 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-17394 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallels Desktop
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2020-19005 MEDIUM PATCH This Month

zrlog v2.1.0 has a vulnerability with the permission check. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Zrlog
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2020-24240 MEDIUM PATCH This Month

GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Bison
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-5620 MEDIUM This Month

Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exment
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-5619 MEDIUM This Month

Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exment
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-24622 MEDIUM This Month

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-16197 MEDIUM This Month

An issue was discovered in Octopus Deploy 3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy