Skip to main content
CVE-2020-25860 MEDIUM POC This Month

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Rauc
NVD GitHub
CVSS 3.1
6.6
EPSS
1.4%
CVE-2020-4757 MEDIUM POC PATCH This Month

IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS IBM Content Navigator
NVD
CVSS 3.1
6.4
EPSS
1.3%
CVE-2020-26275 MEDIUM POC PATCH This Month

The Jupyter Server provides the backend (i.e. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Jupyter Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-26049 MEDIUM POC This Month

Nifty-PM CPE 2.3 is affected by stored HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Nifty Pm
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-35275 MEDIUM POC This Month

Coastercms v5.8.18 is affected by cross-site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coastercms
NVD Exploit-DB VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-35589 MEDIUM POC This Month

The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Limit Login Attempts Reloaded
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-35274 MEDIUM POC This Month

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD Exploit-DB VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-14225 MEDIUM This Month

HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Inotes
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-35497 MEDIUM This Month

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ovirt Engine Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-3999 MEDIUM PATCH This Month

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service VMware Workstation ESXi Fusion
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-35622 MEDIUM PATCH This Month

An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26277 MEDIUM PATCH This Month

DBdeployer is a tool that deploys MySQL database servers easily. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Dbdeployer
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-4840 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Security Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4841 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4794 MEDIUM PATCH This Month

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Denial Of Service IBM Authentication Bypass Automation Workstream Services Business Process Manager +1
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4555 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Session Fixation Information Disclosure Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-35624 MEDIUM PATCH This Month

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-26422 MEDIUM PATCH This Month

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Wireshark Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
4.7%
CVE-2020-4842 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-4843 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-29447 MEDIUM This Month

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian File Upload Denial Of Service Crucible
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy