Skip to main content
CVE-2020-13471 MEDIUM POC This Month

Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apm32F103 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-13468 MEDIUM POC This Month

Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gd32F130 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-13465 MEDIUM POC This Month

The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gd32F103 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-20628 MEDIUM POC This Month

controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wp Gdpr
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-24699 MEDIUM POC This Month

The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Chamber Dashboard Business Directory
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-13655 MEDIUM POC This Month

An issue was discovered in Collabtive 3.0 and later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Collabtive
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11617 MEDIUM POC This Month

The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Tht741Fta Firmware Dtr3502Bfta Dvb T2 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-20626 MEDIUM POC This Month

lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google WordPress PHP Lara S Google Analytics
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-20627 MEDIUM POC This Month

The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP Givewp
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-13472 MEDIUM POC This Month

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gd32F103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-13470 MEDIUM POC This Month

Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gd32F103 Firmware Gd32F130 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-13469 MEDIUM POC This Month

The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gd32Vf103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-13466 MEDIUM This Month

STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stm32F103 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5419 MEDIUM This Month

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Rabbitmq Server Rabbitmq
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-13595 MEDIUM This Month

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-13594 MEDIUM This Month

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-17465 MEDIUM This Month

Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25033 MEDIUM This Month

The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Subscribe Sidebar
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25047 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-25046 MEDIUM This Month

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-4492 MEDIUM This Month

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13828 MEDIUM This Month

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12646 MEDIUM This Month

OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15020 MEDIUM This Month

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Website Builder
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14364 MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service Information Disclosure Qemu +6
NVD
CVSS 3.1
5.0
EPSS
5.4%
CVE-2020-12644 MEDIUM This Month

OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
0.7%
CVE-2020-25048 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-13467 MEDIUM This Month

The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cks32F103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-13463 MEDIUM This Month

The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apm32F103 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-12643 MEDIUM This Month

OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-13464 MEDIUM This Month

The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Cks32F103 Firmware
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy