Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-29564

    The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Systems using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank pass...

    Affected Products : consul_docker_image
    • EPSS Score: 49.55%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29576

    The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank pass...

    Affected Products : eggdrop_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29577

    The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password....

    Affected Products : znc_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29579

    The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access....

    Affected Products : express-gateway_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29581

    The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank pass...

    Affected Products : spiped_alpine_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29601

    The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Systems using the notary docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank p...

    Affected Products : notary_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15429

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsin...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29659

    A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack....

    Affected Products : dupscout
    • EPSS Score: 3.40%
    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15432

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. ...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29667

    In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration....

    Affected Products : m3_atm_monitoring_system
    • EPSS Score: 4.44%
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-19142

    iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php....

    Affected Products : icms
    • EPSS Score: 0.39%
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-26201

    Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH....

    Affected Products : ap5100w_firmware ap5100w
    • EPSS Score: 0.66%
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24634

    An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility C...

    Affected Products : arubaos sd-wan 9004 9004-lte 9012 7005 7008 7010 7024 7030 +5 more products
    • EPSS Score: 0.24%
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15433

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When par...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29591

    Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password....

    Affected Products : registry
    • EPSS Score: 2.66%
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15435

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When pa...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5639

    Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed....

    Affected Products : filezen
    • EPSS Score: 9.21%
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14244

    A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code...

    Affected Products : domino
    • EPSS Score: 1.67%
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35463

    Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password....

    Affected Products : dynamic_apm
    • EPSS Score: 2.01%
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35193

    The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. Systems using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access...

    Affected Products : sonarqube_docker_image
    • EPSS Score: 2.01%
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results