Skip to main content
CVE-2020-2490 HIGH This Week

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-4692 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4671 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4566 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-4475 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26129 MEDIUM This Month

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Ktor
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26225 MEDIUM PATCH This Month

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Product Comments
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-27627 MEDIUM This Month

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-27459 MEDIUM This Month

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chronoforums
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4672 MEDIUM PATCH This Month

IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-27991 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
21.7%
CVE-2020-27990 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
21.7%
CVE-2020-27989 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
21.7%
CVE-2020-27988 MEDIUM This Month

Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
85.2%
CVE-2020-5663 MEDIUM This Month

Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xoonips
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-5662 MEDIUM This Month

Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xoonips
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-27622 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27629 MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-27626 MEDIUM This Month

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-27625 MEDIUM This Month

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-27624 MEDIUM This Month

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-25210 MEDIUM This Month

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4705 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4763 MEDIUM This Month

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-4665 MEDIUM PATCH This Month

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-27628 MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-24366 LOW Monitor

Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Youtrack
NVD
CVSS 3.1
3.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy