Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-9296

    Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary da...

    Affected Products: conductor
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9294

    An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEnterprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the u...

    Affected Products: fortimail fortivoice
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9292

    An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

    Affected Products: fortisiem_windows_agent
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9291

    An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

    Affected Products: forticlient
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9290

    An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arb...

    • Published: Mar. 15, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9289

    Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive d...

    Affected Products: fortimanager fortianalyzer
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9288

    An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross-site scripting attack (XSS) via the ESS profile or the Radius Profile.

    Affected Products: fortiwlc
    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-9287

    An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading mal...

    • Published: Mar. 15, 2020
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2020-9286

    An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.

    Affected Products: fortiadc_firmware fortiadc
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9283

    golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.

    Affected Products: debian_linux package_ssh
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-9282

    In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios.

    Affected Products: mahara
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-9281

    A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

    • Published: Mar. 07, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9280

    In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secure...

    Affected Products: silverstripe framework assets
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9279

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device.

    Affected Products: dsl-2640b_firmware dsl-2640b
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9278

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.

    Affected Products: dsl-2640b_firmware dsl-2640b
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9277

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.

    Affected Products: dsl-2640b_firmware dsl-2640b
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-9276

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is...

    Affected Products: dsl-2640b_firmware dsl-2640b
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9275

    An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials.

    Affected Products: dsl-2640b_firmware dsl-2640b
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9274

    An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the lookup_alias(const char *alias) or print_aliases(void) function is called, they fail to correctly detect the end ...

    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-9273

    In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024