Skip to main content
CVE-2020-26223 MEDIUM POC PATCH This Month

Spree is a complete open source e-commerce solution built with Ruby on Rails. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Spree
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-7032 MEDIUM POC This Month

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Aura System Manager Weblm
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2020-26230 MEDIUM POC PATCH This Month

Radar COVID is the official COVID-19 exposure notification app for Spain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google Apple Information Disclosure Radar Covid Backend Dp3T Server Radarcovid
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-0599 MEDIUM This Month

Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Pentium J6425 Firmware Pentium J4205 Firmware Pentium J3710 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-9129 MEDIUM This Month

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Huawei Mate 30 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-9127 MEDIUM This Month

Some Huawei products have a command injection vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Huawei Command Injection Nip6300 Firmware Nip6600 Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8582 MEDIUM This Month

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hci Element Os
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-26825 MEDIUM This Month

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Fiori Launchpad News Tile Application
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7033 MEDIUM This Month

A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Equinox Conferencing
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-7962 MEDIUM This Month

An issue was discovered in One Identity Password Manager 5.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-6157 MEDIUM This Month

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Opera Touch
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy