Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2020-9369

    Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.

    Affected Products : fedora debian_linux sympa
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9368

    The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.

    Affected Products : olea_gift_on_order
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9367

    The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is miss...

    Affected Products : manageengine_desktop_central
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9366

    A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.

    Affected Products : screen
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9365

    An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

    Affected Products : fedora pure-ftpd
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-9364

    An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload paramet...

    Affected Products : creative_contact_form
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9363

    The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels tha...

    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9362

    The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVi...

    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-9361

    CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.

    Affected Products : csp
    • Published: Oct. 23, 2020
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2020-9359

    KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

    Affected Products : fedora debian_linux okular
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9355

    danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.

    Affected Products : debian_linux networkmanager-ssh
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9354

    An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9353

    An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via d...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9352

    An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the d...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-9351

    An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9350

    Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.

    Affected Products : visual_analytics
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9349

    The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.

    Affected Products : tv-288zd-2mp_firmware tv-288zd-2mp
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9347

    Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk...

    Affected Products : manageengine_password_manager_pro
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9346

    Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

    Affected Products : manageengine_password_manager_pro
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9345

    An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim vi...

    Affected Products : windows signopad-api/web
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294837 Results