Skip to main content
CVE-2020-27783 MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml Software Collections Enterprise Linux +5
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2020-23741 MEDIUM POC This Month

In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anyview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-23738 MEDIUM POC This Month

There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-23736 MEDIUM POC This Month

There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dada Accelerator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-23727 MEDIUM POC This Month

There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antiy Zhijia Terminal Defense System
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-23726 MEDIUM POC This Month

There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wise Care 365
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13524 MEDIUM POC This Month

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-28938 MEDIUM POC This Month

OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Openclinic
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-25711 MEDIUM PATCH This Month

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Infinispan Data Grid Active Iq Unified Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26246 MEDIUM PATCH This Month

Pimcore is an open source digital experience platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-5679 MEDIUM This Month

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ec Cube
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5678 MEDIUM This Month

Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-5677 MEDIUM This Month

Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-5638 MEDIUM This Month

Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Neo
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-27762 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-27760 MEDIUM PATCH This Month

In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-2323 MEDIUM PATCH This Month

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Chaos Monkey
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-14318 MEDIUM PATCH This Month

A flaw was found in the way samba handled file and directory permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Storage Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy