Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2020-9518

    Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.... Read more

    Affected Products : service_manager
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9517

    There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.... Read more

    Affected Products : service_manager
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-9514

    An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify ... Read more

    Affected Products : impress_for_idx_broker
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9502

    Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.... Read more

    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9501

    Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to co... Read more

    Affected Products : web_p2p
    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2020-9500

    Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.... Read more

    • Published: Apr. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2020-9499

    Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.... Read more

    • Published: Apr. 09, 2020
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2020-9498

    Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, p... Read more

    Affected Products : fedora debian_linux guacamole
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2020-9497

    Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the mem... Read more

    Affected Products : fedora debian_linux guacamole
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-9496

    XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03... Read more

    Affected Products : ofbiz
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-9495

    Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify th... Read more

    Affected Products : archiva
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9494

    Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.... Read more

    Affected Products : debian_linux traffic_server
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9493

    A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.... Read more

    Affected Products : log4j reload4j chainsaw
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9492

    In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9491

    In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replic... Read more

    Affected Products : nifi
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9490

    Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Pu... Read more

    • Published: Aug. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9489

    A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and Imag... Read more

    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9488

    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2... Read more

    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9487

    In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated us... Read more

    Affected Products : nifi
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9486

    In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in pl... Read more

    Affected Products : nifi
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294837 Results