Skip to main content
CVE-2020-15501 MEDIUM POC This Month

Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smarter Coffee Maker 1St Generation
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26870 MEDIUM POC PATCH This Month

Cure53 DOMPurify before 2.0.17 allows mutation XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Dompurify Debian Linux Visual Studio 2017 Visual Studio 2019 +1
NVD GitHub
CVSS 3.1
6.1
EPSS
4.9%
CVE-2020-24722 MEDIUM POC This Month

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Exposure Notifications
NVD GitHub
CVSS 3.1
5.9
EPSS
2.5%
CVE-2020-25343 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Symphony
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-25867 MEDIUM POC This Month

SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Soplanning
NVD GitHub
CVSS 3.1
5.3
EPSS
2.8%
CVE-2020-17551 MEDIUM POC PATCH This Month

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Impresscms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-15226 MEDIUM POC PATCH This Month

In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-14355 MEDIUM PATCH This Month

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Spice Openstack Ubuntu Linux +7
NVD
CVSS 3.1
6.6
EPSS
2.7%
CVE-2020-13346 MEDIUM This Month

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15177 MEDIUM PATCH This Month

In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26164 MEDIUM PATCH This Month

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kdeconnect Backports Sle Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-25768 MEDIUM PATCH This Month

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Contao
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-15217 MEDIUM PATCH This Month

In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-13335 MEDIUM This Month

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy