Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2020-9481

    Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack.... Read more

    Affected Products : debian_linux traffic_server
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9480

    In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an applica... Read more

    Affected Products : business_intelligence spark
    • Published: Jun. 23, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9479

    When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0... Read more

    Affected Products : asterixdb
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-9478

    An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems.... Read more

    Affected Products : cdm
    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9477

    An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain acces... Read more

    Affected Products : hga12r-02_firmware hga12r-02
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9476

    ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding.... Read more

    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2020-9475

    The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway.... Read more

    Affected Products : sg_150-0_firmware sg_150-0
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-9474

    The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.... Read more

    Affected Products : sg_150-0_firmware sg_150-0
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2020-9473

    The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.... Read more

    Affected Products : sg_150-0_firmware sg_150-0
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-9472

    Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.... Read more

    Affected Products : umbraco_cms
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9471

    Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.... Read more

    Affected Products : umbraco_cms
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9470

    An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within t... Read more

    Affected Products : wing_ftp_server
    • Published: Mar. 07, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9468

    The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.... Read more

    Affected Products : piwigo
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9467

    Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.... Read more

    Affected Products : piwigo
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-9466

    The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.... Read more

    Affected Products : export_users_to_csv
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9465

    An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cook... Read more

    Affected Products : eyesofnetwork
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-9464

    A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting.... Read more

    Affected Products : bk9000_firmware bk9000
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-9463

    Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.... Read more

    Affected Products : centreon
    • Published: Feb. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9462

    An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon succes... Read more

    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9461

    Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.... Read more

    Affected Products : oempro oempro
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294853 Results