Skip to main content
CVE-2020-16844 MEDIUM POC PATCH This Month

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Istio
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-5789 MEDIUM POC This Month

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trb245 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-5788 MEDIUM POC This Month

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trb245 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5787 MEDIUM POC This Month

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trb245 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-5784 MEDIUM POC This Month

Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Trb245 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-15666 MEDIUM POC This Month

When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5785 MEDIUM POC This Month

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trb245 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24861 MEDIUM POC This Month

GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Getsimple Cms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-24860 MEDIUM POC This Month

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-25200 MEDIUM POC This Month

Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pritunl
NVD GitHub
CVSS 3.1
5.3
EPSS
7.5%
CVE-2020-15228 MEDIUM POC PATCH This Month

In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Toolkit
NVD GitHub
CVSS 3.1
5.0
EPSS
1.5%
CVE-2020-15665 MEDIUM POC This Month

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-15664 MEDIUM This Month

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Authentication Bypass Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-14223 MEDIUM PATCH This Month

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15677 MEDIUM This Month

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Open Redirect Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-15676 MEDIUM This Month

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-13940 MEDIUM PATCH This Month

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache XXE Nifi
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-5387 MEDIUM This Month

Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Xps 13 9370 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-15668 MEDIUM This Month

A lock was missing when accessing a data structure and importing certificate information into the trust database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy