Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2020-9344

    Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.

    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9343

    An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim ...

    Affected Products : windows signopad-api/web
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-9342

    The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and I...

    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9341

    CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.

    Affected Products : candidats
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-9340

    fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.

    Affected Products : fauzantrif_election
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9339

    SOPlanning 1.45 allows XSS via the Name or Comment to status.php.

    Affected Products : soplanning
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9338

    SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.

    Affected Products : soplanning
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9337

    In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.

    Affected Products : course_manager
    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9336

    fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field.

    Affected Products : fauzantrif_election
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2020-9335

    Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.

    Affected Products : photo_gallery
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9334

    A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other use...

    Affected Products : envira_gallery photo_gallery
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9332

    ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.

    Affected Products : usb_for_remote_desktop
    • Published: Jun. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9331

    CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbit...

    Affected Products : csp
    • Published: Oct. 23, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9330

    Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default cre...

    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2020-9329

    Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.

    Affected Products : gogs
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9327

    In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9326

    BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.

    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9325

    Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.

    Affected Products : tiff_server
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9324

    Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.

    Affected Products : tiff_server
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-9323

    Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.

    Affected Products : tiff_server
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294837 Results