Skip to main content
CVE-2020-27533 MEDIUM POC This Month

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dedecms
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.5%
CVE-2020-26650 MEDIUM POC This Month

AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Atomxcms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-27621 MEDIUM POC This Month

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-9810 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-15682 MEDIUM This Month

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-27646 MEDIUM This Month

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure File Transfer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-9939 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-27642 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Greenlight
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-27620 MEDIUM This Month

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Skin
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-3996 MEDIUM This Month

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Velero
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27673 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-9997 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X Watchos
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-9902 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-9772 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3918 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-27666 MEDIUM PATCH This Month

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Strapi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-27674 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen Fedora Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-15680 MEDIUM This Month

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-9787 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipad Os Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27675 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel Fedora +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-15270 MEDIUM PATCH This Month

Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-9935 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy