Skip to main content
CVE-2020-24553 MEDIUM POC PATCH This Month

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Go Fedora Leap Communications Cloud Native Core Policy
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2020-24604 MEDIUM POC This Month

A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24602 MEDIUM POC This Month

Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName",. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-24601 MEDIUM POC This Month

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25073 MEDIUM POC This Month

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Freedombox
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-5379 MEDIUM This Month

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dell Inspiron 7352 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5378 MEDIUM This Month

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE G7 17 7790 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5376 MEDIUM This Month

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Dell RCE Inspiron 7347 Bios
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-15811 MEDIUM PATCH This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Squid Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
4.2%
CVE-2020-15810 MEDIUM This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Squid Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-12621 MEDIUM This Month

The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Teamwire
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-16150 MEDIUM This Month

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mbed Tls Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8576 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4546 MEDIUM This Month

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Doors Next Engineering Requirements Management Doors Next Engineering Test Management +7
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4522 MEDIUM This Month

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Doors Next Engineering Requirements Management Doors Next Engineering Test Management +7
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4445 MEDIUM This Month

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Doors Next Engineering Requirements Management Doors Next Engineering Test Management +7
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-17458 MEDIUM This Month

A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Multiux
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-25026 MEDIUM PATCH This Month

The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Event Management And Registration
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-25025 MEDIUM PATCH This Month

The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Information Disclosure Localization Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy