Skip to main content
CVE-2020-15261 MEDIUM POC PATCH THREAT This Month

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Veyon
NVD GitHub Exploit-DB
CVSS 3.1
6.7
EPSS
11.1%
CVE-2020-24375 MEDIUM POC This Month

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freebox Server Freebox V5 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-13937 MEDIUM POC PATCH THREAT This Month

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Kylin
NVD
CVSS 3.1
5.3
EPSS
78.3%
CVE-2020-11496 MEDIUM This Month

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Sprecon E
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-15263 MEDIUM PATCH This Month

In platform before version 9.4.4, inline attributes are not properly escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Platform
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-10746 MEDIUM This Month

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Infinispan Server Runtime
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2020-26891 MEDIUM PATCH This Month

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Synapse
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-8929 MEDIUM PATCH This Month

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tink Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-15910 MEDIUM This Month

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure N Central
NVD
CVSS 3.1
4.7
EPSS
5.5%
CVE-2020-9092 MEDIUM This Month

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Mate 20 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-9111 MEDIUM This Month

E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service E6878 370 Firmware E6878 870 Firmware
NVD
CVSS 3.1
4.5
EPSS
0.3%
CVE-2020-15245 MEDIUM PATCH This Month

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sylius
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy