Skip to main content
CVE-2020-35774 MEDIUM POC PATCH THREAT This Month

server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Twitter Server
NVD GitHub
CVSS 3.1
5.4
EPSS
87.6%
CVE-2020-29471 MEDIUM POC This Month

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.3%
CVE-2020-29470 MEDIUM POC This Month

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.7%
CVE-2020-29475 MEDIUM POC This Month

nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Store
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-35735 MEDIUM POC This Month

Vidyo 02-09-/D allows clickjacking via the portal/ URI. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vidyo
NVD GitHub
CVSS 3.1
4.7
EPSS
0.7%
CVE-2020-9125 MEDIUM This Month

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Mate 30 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-27643 MEDIUM This Month

The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Client
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-9208 MEDIUM This Month

There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Imanager Neteco 6000
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-9093 MEDIUM This Month

There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Taurus Al00A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-1848 MEDIUM This Month

There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jackman Al00D Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-5806 MEDIUM This Month

An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Factorytalk Linx
NVD
CVSS 3.1
5.5
EPSS
4.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy