Skip to main content
CVE-2020-27885 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-27658 MEDIUM POC This Month

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-27657 MEDIUM POC This Month

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-25516 MEDIUM POC This Month

WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Integrator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-27993 MEDIUM POC This Month

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hrsale
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
2.5%
CVE-2020-27747 MEDIUM This Month

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Passwordstate
NVD GitHub
CVSS 3.1
6.8
EPSS
1.1%
CVE-2020-11488 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Jwt Attack Nvidia Bmc Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-5934 MEDIUM This Month

On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-5938 MEDIUM This Month

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-21266 MEDIUM This Month

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Broadleaf Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-5935 MEDIUM This Month

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-14323 MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-26205 MEDIUM PATCH This Month

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11484 MEDIUM This Month

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Bmc Firmware
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-5932 MEDIUM This Month

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Application Security Manager
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4864 MEDIUM PATCH This Month

IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy