Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2020-9359

    KDE Okular before 1.10.0 allows code execution via an action link in a PDF document....

    Affected Products : fedora debian_linux okular
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9355

    danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled....

    Affected Products : debian_linux networkmanager-ssh
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9354

    An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9353

    An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via d...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9352

    An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the d...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-9351

    An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error...

    Affected Products : smartclient
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9350

    Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly....

    Affected Products : visual_analytics
    • Published: Feb. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9349

    The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password....

    Affected Products : tv-288zd-2mp_firmware tv-288zd-2mp
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9347

    Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk...

    Affected Products : manageengine_password_manager_pro
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9346

    Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role....

    Affected Products : manageengine_password_manager_pro
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9345

    An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim vi...

    Affected Products : windows signopad-api/web
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-9344

    Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations....

    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9343

    An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim ...

    Affected Products : windows signopad-api/web
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-9342

    The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and I...

    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9341

    CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI....

    Affected Products : candidats
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-9340

    fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter....

    Affected Products : fauzantrif_election
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9339

    SOPlanning 1.45 allows XSS via the Name or Comment to status.php....

    Affected Products : soplanning
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9338

    SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field....

    Affected Products : soplanning
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9337

    In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request....

    Affected Products : course_manager
    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9336

    fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field....

    Affected Products : fauzantrif_election
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results