Skip to main content
CVE-2020-7762 MEDIUM POC PATCH This Month

This affects the package jsreport-chrome-pdf before 1.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Path Traversal Jsreport Chrome Pdf
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-26505 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Marmind
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-15951 MEDIUM POC This Month

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Immuta
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-28047 MEDIUM POC This Month

AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Audimexee
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-26506 MEDIUM POC This Month

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Marmind
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-7207 MEDIUM This Month

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Apollo 2000 Firmware Apollo 4200 Gen10 Firmware Apollo 4500 Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-4097 MEDIUM This Month

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Notes
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-25662 MEDIUM This Month

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-5943 MEDIUM This Month

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-14240 MEDIUM This Month

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Notes
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14222 MEDIUM This Month

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-6015 MEDIUM This Month

Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Denial Of Service Microsoft Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5940 MEDIUM This Month

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-8267 MEDIUM PATCH This Month

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubiquiti Authentication Bypass Unifi Protect Firmware
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-7761 MEDIUM PATCH This Month

This affects the package @absolunet/kafe before 3.2.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kafe
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-24431 MEDIUM This Month

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Apple Acrobat Acrobat Dc +2
NVD
CVSS 3.1
4.4
EPSS
1.6%
CVE-2020-5944 MEDIUM This Month

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure Big Iq Centralized Management
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy