Skip to main content
CVE-2020-26259 MEDIUM POC PATCH THREAT This Month

XStream is a Java library to serialize objects to XML and back again. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java Command Injection Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
6.8
EPSS
82.4%
CVE-2020-28930 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eps Tse Server 8 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-26273 MEDIUM POC PATCH This Month

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Osquery
NVD GitHub
CVSS 3.1
5.2
EPSS
0.9%
CVE-2020-4904 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-4658 MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Sterling File Gateway
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4657 MEDIUM This Month

IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26198 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-4905 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-5359 MEDIUM PATCH This Month

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Bsafe Micro Edition Suite Database Weblogic Server Proxy Plug In
NVD
CVSS 3.1
5.8
EPSS
1.3%
CVE-2020-4908 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4907 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-14248 MEDIUM This Month

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Platform
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-29362 MEDIUM This Month

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure P11 Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-25619 MEDIUM This Month

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure N Central
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy