Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2020-9470

    An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within t... Read more

    Affected Products : wing_ftp_server
    • Published: Mar. 07, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9468

    The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.... Read more

    Affected Products : piwigo
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9467

    Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.... Read more

    Affected Products : piwigo
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-9466

    The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.... Read more

    Affected Products : export_users_to_csv
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9465

    An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cook... Read more

    Affected Products : eyesofnetwork
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9464

    A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting.... Read more

    Affected Products : bk9000_firmware bk9000
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-9463

    Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.... Read more

    Affected Products : centreon
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9462

    An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon succes... Read more

    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9461

    Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.... Read more

    Affected Products : oempro oempro
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9460

    Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.... Read more

    Affected Products : oempro oempro
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9459

    Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax acti... Read more

    Affected Products : modern_events_calendar_lite
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9458

    In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.... Read more

    Affected Products : registrationmagic
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9457

    The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.... Read more

    Affected Products : registrationmagic
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9456

    In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.... Read more

    Affected Products : registrationmagic
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9455

    The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.... Read more

    Affected Products : registrationmagic
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9454

    A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalat... Read more

    Affected Products : registrationmagic
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9453

    In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has on... Read more

    Affected Products : iprojection
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9452

    An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users ... Read more

    Affected Products : true_image_2020
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9451

    An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a ... Read more

    Affected Products : true_image_2020
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9450

    An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be e... Read more

    Affected Products : true_image_2020
    • Published: May. 25, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294842 Results