Skip to main content
CVE-2020-8236 MEDIUM POC This Month

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2020-7757 MEDIUM POC This Month

This affects all versions of package droppy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Droppy
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-28041 MEDIUM POC This Month

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Privilege Escalation Nighthawk R7000 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-25689 MEDIUM POC PATCH This Month

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wildfly Fuse Jboss Data Grid Jboss Enterprise Application Platform +6
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-27982 MEDIUM POC This Month

IceWarp 11.4.5.0 allows XSS via the language parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
5.3%
CVE-2020-23989 MEDIUM POC This Month

NeDi 1.9C allows pwsec.php oid XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23868 MEDIUM POC This Month

NeDi 1.9C allows inc/rt-popup.php d XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-28042 MEDIUM POC PATCH This Month

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Servicestack
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-28002 MEDIUM POC This Month

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonarqube
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-27358 MEDIUM POC This Month

An issue was discovered in REDCap 8.11.6 through 9.x before 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Redcap
NVD GitHub
CVSS 3.1
4.3
EPSS
2.0%
CVE-2020-28044 MEDIUM This Month

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Prolinos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-6014 MEDIUM This Month

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Microsoft RCE Endpoint Security
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-5657 MEDIUM This Month

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Melsec Iq Rj71Eip91 Firmware Melsec Iq Rj71Pn92 Firmware Melsec Iq Rd81Dl96 Firmware Melsec Iq Rd81Mes96N Firmware +1
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-28038 MEDIUM This Month

WordPress before 5.5.2 allows stored XSS via post slugs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2020-28034 MEDIUM This Month

WordPress before 5.5.2 allows XSS associated with global variables. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-27359 MEDIUM This Month

A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Redcap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-15914 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Origin Client
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-26939 MEDIUM PATCH This Month

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fips Java Api Legion Of The Bouncy Castle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-28040 MEDIUM This Month

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Debian Linux Ubuntu Linux
NVD WPScan
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-28031 MEDIUM This Month

eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Eramba
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy