Latest CVE Feed
-
7.5
HIGH CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secure...
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2020-9279
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device....
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2020-9278
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL....
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-9277
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication....
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2020-9276
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is...
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-9275
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials....
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-9274
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end ...
- Published: Feb. 26, 2020
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution....
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-9272
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function....
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-9271
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php....
- Affected Products: icehrm
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2020-9270
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php....
- Affected Products: icehrm
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php....
- Affected Products: soplanning
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring....
- Affected Products: soplanning
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-9267
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php....
- Affected Products: soplanning
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-9266
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php....
- Affected Products: soplanning
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
9.3
CRITICAL CVE-2020-9265
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username....
- Affected Products: phpmychat-plus
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2020-9264
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS)...
- Affected Products: nod32_antivirus, smart_security, internet_security, cyber_security, mobile_security, smart_tv_security
- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-9263
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11) have a use-after-free vulnerability. A condition exists in which the system would reference memory after it has been freed; the ...
- Published: Oct. 19, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-9262
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) have a use-after-free vulnerability. A condition exists in which the system would reference memory after it has been freed; the attacker should trick the user into running a crafted ap...
- Published: Jul. 06, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-9261
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of a certain variable; the attacker tricks the user into installing then running a crafted appli...
- Published: Jul. 06, 2020
- Modified: Nov. 21, 2024