Skip to main content
CVE-2020-13329 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13324 MEDIUM POC This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-13320 MEDIUM POC This Month

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-8238 MEDIUM POC This Month

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Secure Policy Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-26043 MEDIUM POC This Month

An issue was discovered in Hoosk CMS v1.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hoosk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-25761 MEDIUM POC This Month

Projectworlds Visitor Management System in PHP 1.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Visitor Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-22481 MEDIUM POC This Month

An issue was discovered in HFish 0.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hfish
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-12869 MEDIUM POC This Month

RainbowFish PacsOne Server 6.8.4 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pacsone Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-22842 MEDIUM POC This Month

CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13331 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13330 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-19676 MEDIUM POC PATCH This Month

Nacos 1.1.4 is affected by: Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nacos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-8256 MEDIUM POC This Month

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2020-21244 MEDIUM POC This Month

An issue was discovered in FrontAccounting 2.4.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Frontaccounting
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-19670 MEDIUM POC This Month

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Niushop
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-25830 MEDIUM POC PATCH This Month

An issue was discovered in MantisBT before 2.24.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Mantisbt
NVD GitHub
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-25288 MEDIUM POC PATCH This Month

An issue was discovered in MantisBT before 2.24.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mantisbt
NVD GitHub
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-13336 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-13328 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-25781 MEDIUM POC PATCH This Month

An issue was discovered in file_download.php in MantisBT before 2.24.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Mantisbt
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-15595 MEDIUM POC This Month

An issue was discovered in Zoho Application Control Plus before version 10.0.511. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Application Control Plus
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-13794 MEDIUM POC PATCH This Month

Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-13319 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-25816 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-26137 MEDIUM PATCH This Month

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Urllib3 Ubuntu Linux Debian Linux Communications Cloud Native Core Network Function Cloud Native Environment +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-24570 MEDIUM This Month

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF CSRF Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-25626 MEDIUM PATCH This Month

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django Rest Framework Ceph Storage Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-24721 MEDIUM This Month

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Apple Exposure Notifications
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-13953 MEDIUM PATCH This Month

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Information Disclosure Tapestry
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2020-5132 MEDIUM This Month

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Sma100 Firmware Sonicos
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-24569 MEDIUM This Month

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-15594 MEDIUM This Month

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho SSRF Manageengine Application Control Plus
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-13326 MEDIUM This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy