Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 6.1

    MEDIUM
    CVE-2020-9440

    A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor....

    Affected Products : fedora ckeditor webspellchecker
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-9439

    Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allow authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET parameter in TinCan_Content_List_Table.php, m...

    Affected Products : tin_canny_reporting_for_learndash
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2020-9438

    Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled....

    • Published: Jun. 23, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2020-9437

    SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS....

    Affected Products : secureauth_identity_provider
    • Published: Jun. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-9436

    PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devi...

    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9435

    PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devi...

    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9434

    openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values....

    Affected Products : lua-openssl
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9433

    openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values....

    Affected Products : lua-openssl
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9432

    openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values....

    Affected Products : lua-openssl
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9431

    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations....

    Affected Products : fedora debian_linux leap wireshark
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9430

    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field....

    Affected Products : fedora debian_linux leap wireshark
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9429

    In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value....

    Affected Products : leap wireshark
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9428

    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing....

    Affected Products : fedora debian_linux leap wireshark
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.0

    MEDIUM
    CVE-2020-9427

    OX Guard 2.10.3 and earlier allows SSRF....

    Affected Products : ox_guard
    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-9426

    OX Guard 2.10.3 and earlier allows XSS....

    Affected Products : ox_guard
    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9425

    An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest...

    Affected Products : rconfig
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9423

    LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, su...

    Affected Products : logicaldoc
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9418

    An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking....

    Affected Products : windows pdfescape
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9417

    The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor He...

    • Published: Oct. 20, 2020
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2020-9416

    The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to...

    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024