Skip to main content
CVE-2020-28349 MEDIUM POC PATCH This Month

An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Network Server
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-28351 MEDIUM POC THREAT This Month

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Shoretel Firmware
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
16.0%
CVE-2020-27019 MEDIUM POC THREAT This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
17.9%
CVE-2020-27018 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro SSRF Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
5.5
EPSS
3.5%
CVE-2020-8276 MEDIUM POC This Month

The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Brave
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8133 MEDIUM POC This Month

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-27017 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XXE Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
4.9
EPSS
6.4%
CVE-2020-27693 MEDIUM POC This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.1
4.4
EPSS
1.8%
CVE-2020-8150 MEDIUM POC This Month

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. Rated medium severity (CVSS 4.1). Public exploit code available and no vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2020-9300 MEDIUM This Month

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dispatch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-25655 MEDIUM This Month

An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-24401 MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2020-28364 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Locust
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-24353 MEDIUM This Month

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-23136 MEDIUM This Month

Microweber v1.1.18 is affected by no session expiry after log-out. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microweber
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-23139 MEDIUM This Month

Microweber 1.1.18 is affected by broken authentication and session management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microweber
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9299 MEDIUM This Month

There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dispatch
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-24402 MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Magento
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2020-4651 MEDIUM PATCH This Month

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Maximo Spatial Asset Management
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-24405 MEDIUM PATCH This Month

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy