Skip to main content
CVE-2020-28005 MEDIUM POC This Month

httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wpa4220 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-15300 MEDIUM POC This Month

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Suitecrm
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26554 MEDIUM POC This Month

REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maildepot
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-28724 MEDIUM POC PATCH This Month

Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Werkzeug
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-25454 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grocy
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-28361 MEDIUM POC This Month

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Authentication Bypass Kamailio
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2020-24723 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration Login And User Management System
NVD
CVSS 3.1
4.8
EPSS
1.0%
CVE-2020-13799 MEDIUM This Month

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inand Cl Em132 Firmware Inand Ix Em132 Firmware Inand Ix Em132 Xi Firmware Op Tee
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2020-3482 MEDIUM This Month

A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Expressway Telepresence Video Communication Server
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-3471 MEDIUM This Month

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-4592 MEDIUM PATCH This Month

IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26078 MEDIUM This Month

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iot Field Network Director
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-26068 MEDIUM This Month

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Roomos Telepresence Collaboration Endpoint
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-28917 MEDIUM This Month

An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure View Frontend Statistics
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26215 MEDIUM PATCH This Month

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Notebook Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-22723 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ljcmsshop
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27126 MEDIUM This Month

A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-26081 MEDIUM This Month

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Iot Field Network Director
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26884 MEDIUM This Month

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Archer
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-26933 MEDIUM This Month

Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trusted Platform Module
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-28915 MEDIUM PATCH This Month

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2020-14208 MEDIUM This Month

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3441 MEDIUM This Month

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Webex Meetings Server
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-26079 MEDIUM This Month

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Iot Field Network Director
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-26077 MEDIUM This Month

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26080 MEDIUM This Month

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Iot Field Network Director
NVD
CVSS 3.1
4.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy