Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-9776

    This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.... Read more

    Affected Products : macos mac_os_x
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-9775

    An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Tim... Read more

    Affected Products : mac_os_x iphone_os ipados
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9774

    An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data... Read more

    Affected Products : macos mac_os_x
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9773

    The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9772

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipad_os
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2020-9771

    This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.... Read more

    Affected Products : macos mac_os_x
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-9770

    A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9769

    Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.... Read more

    Affected Products : macos mac_os_x
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-9768

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9767

    A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well thro... Read more

    Affected Products : sharing_service
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9761

    An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called.... Read more

    Affected Products : asycuda_world
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9760

    An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.... Read more

    Affected Products : debian_linux weechat
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-9759

    A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configurat... Read more

    Affected Products : webos
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-9758

    An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege es... Read more

    Affected Products : livezilla
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9757

    The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.... Read more

    Affected Products : craft_cms
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9756

    Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a nu... Read more

    Affected Products : viper_rgb_firmware viper_rgb
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-9754

    NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.... Read more

    Affected Products : whale whale_browser
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-9753

    Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.... Read more

    Affected Products : whale_browser_installer
    • Published: May. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9752

    Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.... Read more

    Affected Products : cloud_explorer
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-9751

    Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.... Read more

    Affected Products : cloud_explorer
    • Published: Mar. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294799 Results