Skip to main content
CVE-2020-29455 MEDIUM POC This Month

A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liveaddressplugin Js
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-15023 MEDIUM POC This Month

Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ap5100W Firmware
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-35132 MEDIUM POC PATCH This Month

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpldapadmin Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-35127 MEDIUM POC This Month

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-26421 MEDIUM POC PATCH This Month

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wireshark Fedora +2
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-26420 MEDIUM POC PATCH This Month

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-26419 MEDIUM POC PATCH This Month

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2020-26418 MEDIUM POC PATCH This Month

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Debian Linux Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
3.0%
CVE-2020-26413 MEDIUM POC THREAT This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
33.8%
CVE-2020-35126 MEDIUM POC This Month

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typesetter
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-28220 MEDIUM This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Modicon M258 Firmware Somachine Somachine Motion
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-12149 MEDIUM This Month

The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Edgeconnect Enterprise
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-12148 MEDIUM This Month

A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Edgeconnect Enterprise
NVD
CVSS 3.1
6.8
EPSS
2.1%
CVE-2020-15375 MEDIUM This Month

Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g contain an improper input validation weakness in the command line interface when secccrypptocfg is invoked. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-26264 MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-26409 MEDIUM This Month

A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-25838 MEDIUM This Month

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-28218 MEDIUM This Month

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easergy T300 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-26411 MEDIUM This Month

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2).

NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-17515 MEDIUM PATCH This Month

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.10.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
6.1
EPSS
16.0%
CVE-2020-27825 MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-7789 MEDIUM PATCH This Month

This affects the package node-notifier before 9.0.0. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Node Notifier
NVD GitHub
CVSS 3.1
5.6
EPSS
1.6%
CVE-2020-28214 MEDIUM This Month

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-7549 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +15
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-35175 MEDIUM PATCH This Month

Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frappe
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-17470 MEDIUM This Month

An issue was discovered in FNET through 4.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fnet
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-5950 MEDIUM This Month

On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-35149 MEDIUM PATCH This Month

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mquery
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-26265 MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7790 MEDIUM PATCH This Month

This affects the package spatie/browsershot from 0.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Browsershot
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-26417 MEDIUM This Month

Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-26408 MEDIUM This Month

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7541 MEDIUM This Month

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +16
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-26416 MEDIUM This Month

Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-15376 MEDIUM This Month

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-26415 MEDIUM This Month

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-26412 MEDIUM This Month

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-13357 MEDIUM This Month

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy