Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2020-9381

    controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954....

    Affected Products : total.js_cms
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9380

    IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script....

    Affected Products : web_tv_player
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9379

    The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversat...

    Affected Products : micontact_center_business
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9376

    D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

    Affected Products : dir-610_firmware dir-610
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9375

    TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field....

    Affected Products : archer_c50 archer_c5
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9374

    On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature....

    Affected Products : tl-wr849n_firmware tl-wr849n
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9372

    The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_a...

    Affected Products : appointment_booking_calendar
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2020-9371

    Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML....

    Affected Products : appointment_booking_calendar
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9370

    HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking....

    Affected Products : hga12r-02_firmware hga12r-02
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9369

    Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters....

    Affected Products : fedora debian_linux sympa
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9368

    The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal....

    Affected Products : olea_gift_on_order
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9367

    The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is miss...

    Affected Products : manageengine_desktop_central
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9366

    A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact....

    Affected Products : screen
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9365

    An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c....

    Affected Products : fedora pure-ftpd
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-9364

    An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload paramet...

    Affected Products : creative_contact_form
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9363

    The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels tha...

    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9362

    The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVi...

    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-9361

    CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation....

    Affected Products : csp
    • Published: Oct. 23, 2020
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2020-9359

    KDE Okular before 1.10.0 allows code execution via an action link in a PDF document....

    Affected Products : fedora debian_linux okular
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9355

    danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled....

    Affected Products : debian_linux networkmanager-ssh
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results