Latest CVE Feed
-
4.8 MEDIUM
CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
- Affected Products: photo_gallery
- Published: Feb. 25, 2020
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2020-9334
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other use...
- Published: Feb. 25, 2020
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2020-9332
ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.
- Affected Products: usb_for_remote_desktop
- Published: Jun. 17, 2020
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2020-9331
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbit...
- Affected Products: csp
- Published: Oct. 23, 2020
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2020-9330
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default cre...
- Published: Feb. 21, 2020
- Modified: Nov. 21, 2024
-
5.9 MEDIUM
CVE-2020-9329
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
- Affected Products: gogs
- Published: Feb. 21, 2020
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
- Published: Feb. 21, 2020
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2020-9326
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.
- Affected Products: privilege_management_for_windows_and_mac
- Published: Mar. 18, 2020
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2020-9325
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.
- Affected Products: tiff_server
- Published: Mar. 18, 2020
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2020-9324
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
- Affected Products: tiff_server
- Published: Mar. 18, 2020
- Modified: Nov. 21, 2024
-
5.3 MEDIUM
CVE-2020-9323
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.
- Affected Products: tiff_server
- Published: Mar. 18, 2020
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2020-9321
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
- Affected Products: traefik
- Published: Mar. 16, 2020
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2020-9320
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, P...
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2020-9318
Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15.
- Affected Products: sql_monitor
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2020-9315
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support poli...
- Affected Products: iplanet_web_server
- Published: May 10, 2020
- Modified: Nov. 21, 2024
-
4.9 MEDIUM
CVE-2020-9314
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a r...
- Affected Products: iplanet_web_server
- Published: May 10, 2020
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2020-9311
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
- Published: Jul. 15, 2020
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2020-9309
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause b...
- Published: Jul. 15, 2020
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2020-9308
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2020-9307
Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If th...
- Affected Products: hirschmann_hios
- Published: Feb. 11, 2021
- Modified: Nov. 21, 2024