Latest CVE Feed
-
7.5
HIGH CVE-2020-9365
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
- Published: Feb. 24, 2020
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2020-9364
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload paramet...
- Affected Products: creative_contact_form
- Published: Mar. 04, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-9363
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels tha...
- Affected Products: endpoint_protection cloud_optix intercept_x_endpoint intercept_x_for_server mobile secure_web_gateway
- Published: Feb. 24, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-9362
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVi...
- Published: Feb. 24, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2020-9361
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.
- Affected Products: csp
- Published: Oct. 23, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
- Published: Mar. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via...
- Affected Products: smartclient
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via d...
- Affected Products: smartclient
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-9352
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the d...
- Affected Products: smartclient
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error...
- Affected Products: smartclient
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2020-9350
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.
- Affected Products: visual_analytics
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-9349
The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.
- Published: Apr. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-9347
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk...
- Affected Products: manageengine_password_manager_pro
- Published: Mar. 16, 2020
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2020-9346
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
- Affected Products: manageengine_password_manager_pro
- Published: Mar. 16, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-9345
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim vi...
- Published: Mar. 20, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-9344
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
- Affected Products: subversion_application_lifecycle_management
- Published: Mar. 20, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-9343
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim ...
- Published: Mar. 20, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2020-9342
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and I...
- Published: Feb. 22, 2020
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2020-9341
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
- Affected Products: candidats
- Published: Feb. 22, 2020
- Modified: Nov. 21, 2024