Latest CVE Feed

The following is a list of the latest published vulnerabilities. The list can be filtered by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. It can also be sorted by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2020-9059

    Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a ...

    Affected Products : 500_series_firmware be468
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-9058

    Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protecti...

    Affected Products : 500_series_firmware dm501 zw4201 lb60z-1
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9057

    Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wav...

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9056

    Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sani...

    Affected Products : buyspeed
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9055

    Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to web...

    Affected Products : lynx_customer_service_portal
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9050

    Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.

    Affected Products : metasys_reporting_engine
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2020-9049

    A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method w...

    Affected Products : c-cure_web victor_web
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-9048

    A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducti...

    Affected Products : victor_web_client c-cure_web_client
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-9047

    A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker wi...

    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9046

    A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.

    Affected Products : kantech_entrapass
    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-9045

    During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after...

    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-9044

    XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 ...

    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-9043

    The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.

    Affected Products : wpcentral
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-9042

    In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.

    Affected Products : couchbase_server
    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9041

    In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connectio...

    Affected Products : sync_gateway couchbase_server
    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9040

    Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty ...

    Affected Products : couchbase_server_java_sdk
    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-9039

    Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the pr...

    Affected Products : couchbase_server
    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-9038

    Joplin through 1.0.184 allows Arbitrary File Read via XSS.

    Affected Products : joplin
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-9036

    Jeedom through 4.0.38 allows XSS.

    Affected Products : jeedom
    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9034

    Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024