Skip to main content
CVE-2020-27587 MEDIUM POC This Month

Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Brute Force Total Security
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-29438 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Model X Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-17901 MEDIUM POC This Month

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pbootcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-29395 MEDIUM POC THREAT This Month

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Eventon
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
11.7%
CVE-2020-27586 MEDIUM POC This Month

Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Total Security
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-29384 MEDIUM POC This Month

An issue was discovered in PNGOUT 2020-01-15. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Pngout
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-28976 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
27.8%
CVE-2020-25624 MEDIUM POC This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-29364 MEDIUM POC This Month

In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS News Lister
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-27659 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Synology Safeaccess
NVD GitHub
CVSS 3.1
4.8
EPSS
5.1%
CVE-2020-29440 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model X Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-29439 MEDIUM POC This Month

Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Model X Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-29392 MEDIUM POC This Month

The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Lock Password Manager Safe App
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-27585 MEDIUM POC This Month

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Total Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-4127 MEDIUM This Month

HCL Domino is susceptible to a Login CSRF vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hcl Domino
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-29441 MEDIUM This Month

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Outsystems
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4900 MEDIUM PATCH This Month

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Business Automation Workflow
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-14193 MEDIUM This Month

Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Code Injection Automation For Jira
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4625 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-4624 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-28978 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-28977 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-4696 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4626 MEDIUM PATCH This Month

IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy