Skip to main content
CVE-2020-25034 MEDIUM POC This Month

{URL], or search[attachment] parameter to the email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Malware Protection System
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-25470 MEDIUM POC This Month

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Antsword
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-7196 MEDIUM This Month

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bluedata Epic Ezmeral Container Platform
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-26161 MEDIUM This Month

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Octopus Deploy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-7126 MEDIUM This Month

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba SSRF Airwave Glass
NVD
CVSS 3.1
5.8
EPSS
0.8%
CVE-2020-15274 MEDIUM PATCH This Month

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-6876 MEDIUM This Month

A ZTE product is impacted by an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Evdc
NVD
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy