Skip to main content
CVE-2020-24815 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Microstrategy
NVD VulDB
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-28330 MEDIUM POC This Month

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wepresent Wipg 1600W Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-29053 MEDIUM POC This Month

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrsale
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-29055 MEDIUM POC This Month

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure 72408A Firmware 9008A Firmware 9016A Firmware 92408A Firmware +24
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-29003 MEDIUM POC This Month

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15928 MEDIUM POC This Month

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Testbox
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-29002 MEDIUM POC PATCH This Month

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-4003 MEDIUM This Month

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi VMware Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-3984 MEDIUM This Month

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
22.4%
CVE-2020-25473 MEDIUM This Month

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP News Script Php Pro
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-25472 MEDIUM This Month

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP News Script Php Pro
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs108Ev3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-28348 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Docker Path Traversal Nomad
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-28726 MEDIUM PATCH This Month

Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect PHP Seeddms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-25474 MEDIUM This Month

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP News Script Php Pro
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-28928 MEDIUM PATCH This Month

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Musl Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-10763 MEDIUM PATCH This Month

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Heketi Gluster Storage Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10762 MEDIUM This Month

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gluster Block
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-26232 MEDIUM PATCH This Month

Jupyter Server before version 1.0.6 has an Open redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect Jupyter Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-26235 MEDIUM PATCH This Month

In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Time
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-25640 MEDIUM PATCH This Month

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy