

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2020-25262 - PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
    Published: October 08, 2020; 9:15:10 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-25271 - PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
    Published: October 08, 2020; 9:15:11 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-25270 - PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
    Published: October 08, 2020; 9:15:10 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-4775 - A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the en...
    Published: October 12, 2020; 9:15:12 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2020-8338 - A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
    Published: October 14, 2020; 6:15:13 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-26522 - A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
    Published: October 09, 2020; 3:15:11 AM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2019-15695 - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset fr...
    Published: December 26, 2019; 11:15:10 AM -0500

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2019-15694 - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signedness error in processing MemOutStream. Exploitation of this vulnerability could p...
    Published: December 26, 2019; 10:15:11 AM -0500

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2020-2297 - Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
    Published: October 08, 2020; 9:15:12 AM -0400

    V3.1: 3.3 LOW
    V2.0: 2.1 LOW

  • CVE-2020-5642 - Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Published: October 14, 2020; 11:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-2298 - Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Published: October 08, 2020; 9:15:12 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2020-3567 - A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an aff...
    Published: October 08, 2020; 1:15:15 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 6.8 MEDIUM

  • CVE-2020-3596 - A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected...
    Published: October 08, 2020; 1:15:15 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2018-20243 - The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629.
    Published: October 13, 2020; 3:15:12 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2019-4545 - IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. IBM X-Force ID: 165877.
    Published: October 08, 2020; 10:15:11 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 4.3 MEDIUM

  • CVE-2020-13332 - Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows user to have access to projects with expiration.
    Published: October 07, 2020; 10:15:11 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2019-3837 - It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-en...
    Published: April 11, 2019; 11:29:00 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2019-5426 - In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local ...
    Published: April 10, 2019; 2:29:00 PM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 5.8 MEDIUM

  • CVE-2019-5424 - In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed under the root user.
    Published: April 10, 2019; 2:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2019-6140 - A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.
    Published: April 09, 2019; 5:29:03 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 7.5 HIGH