Skip to main content
CVE-2020-28413 MEDIUM POC PATCH This Month

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mantisbt
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
4.7%
CVE-2020-5811 MEDIUM POC PATCH This Month

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Umbraco Cms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.4%
CVE-2020-35850 MEDIUM POC This Month

An SSRF issue was discovered in cockpit-project.org Cockpit 234. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cockpit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-29230 MEDIUM POC This Month

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration And Login System With Admin Panel
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-29231 MEDIUM POC This Month

EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Registration And Login System With Admin Panel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-5810 MEDIUM POC THREAT This Month

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD
CVSS 3.1
5.4
EPSS
66.2%
CVE-2020-5809 MEDIUM POC This Month

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-29469 MEDIUM POC This Month

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-29233 MEDIUM POC This Month

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-29477 MEDIUM POC This Month

Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Community
NVD Exploit-DB VulDB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-35241 MEDIUM POC This Month

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatpress
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.1%
CVE-2020-35240 MEDIUM POC This Month

FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fluxbb
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2020-10206 MEDIUM POC This Month

Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ak45X Firmware Ak5Xx Firmware Ak65X Firmware Aria6Xx Firmware +2
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-35794 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbs40V Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-35792 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R7500 Firmware R8900 Firmware R9000 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-35790 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection D7800 Firmware R7800 Firmware R8900 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-35788 MEDIUM This Month

NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netgear Wac104 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-35793 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection D7800 Firmware R7500 Firmware R7800 Firmware +2
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2020-35791 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R7800 Firmware R8900 Firmware R9000 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-26288 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Node.js Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-35783 MEDIUM This Month

Certain NETGEAR devices are affected by lack of access control at the function level. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Jgs516Pe Firmware Jgs524E Firmware Jgs524Pe Firmware +1
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-35781 MEDIUM This Month

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Denial Of Service Nms300 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-35780 MEDIUM This Month

NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Denial Of Service Nms300 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-28365 MEDIUM PATCH This Month

Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Sentrifugo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-35842 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D6200 Firmware D7000 Firmware Jnr1010V2 Firmware +11
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-35840 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D6200 Firmware D7000 Firmware Jnr1010V2 Firmware +11
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-27534 MEDIUM PATCH This Month

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-28925 MEDIUM PATCH This Month

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Bolt
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-35838 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35837 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-35836 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35835 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35834 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35833 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35832 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35830 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35829 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7800 Firmware R8900 Firmware +13
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35828 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35827 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware Rbk50 Firmware Rbr50 Firmware +7
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35826 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-35825 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35824 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35823 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35822 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35821 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7800 Firmware R8900 Firmware +12
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35820 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35819 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-35818 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-35817 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-35816 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500V2 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy