Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-04	CVE-2020-10933	Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. network low complexity ruby-lang fedoraproject debian CWE-908	5.3
2020-05-04	CVE-2020-12626	Cross-Site Request Forgery (CSRF) vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian CWE-352	6.5
2020-05-04	CVE-2020-12625	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian opensuse CWE-79	6.1
2020-04-30	CVE-2020-11030	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. network low complexity wordpress debian CWE-79	5.4
2020-04-30	CVE-2020-11029	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. network low complexity debian wordpress CWE-79	6.1
2020-04-30	CVE-2020-11026	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. network low complexity wordpress debian CWE-79	5.4
2020-04-30	CVE-2020-11025	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. network low complexity wordpress debian CWE-79	5.4
2020-04-30	CVE-2020-11652	Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical blackberry vmware CWE-22	6.5
2020-04-29	CVE-2020-11022	In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery drupal debian fedoraproject oracle netapp opensuse tenable	6.1
2020-04-29	CVE-2020-11023	In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable	6.1