Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2020-9066

    Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into... Read more

    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9065

    Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tampe... Read more

    Affected Products : taurus-al00b_firmware taurus-al00b
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-9064

    Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerabil... Read more

    Affected Products : honor_v30_firmware honor_v30
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2020-9063

    NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the... Read more

    Affected Products : aptra_xfs selfserv_atm
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-9062

    Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to... Read more

    Affected Products : probase procash_2100xe
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-9061

    Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of s... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-9060

    Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are sus... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-9059

    Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a ... Read more

    Affected Products : 500_series_firmware be468
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2020-9058

    Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protecti... Read more

    Affected Products : 500_series_firmware dm501 zw4201 lb60z-1
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9057

    Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wav... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9056

    Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sani... Read more

    Affected Products : buyspeed
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9055

    Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to web... Read more

    Affected Products : lynx_customer_service_portal
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-9050

    Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.... Read more

    Affected Products : metasys_reporting_engine
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2020-9049

    A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method w... Read more

    Affected Products : c-cure_web victor_web
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2020-9048

    A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducti... Read more

    Affected Products : victor_web_client c-cure_web_client
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-9047

    A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker wi... Read more

    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-9046

    A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.... Read more

    Affected Products : kantech_entrapass
    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-9045

    During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after... Read more

    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-9044

    XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 ... Read more

    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-9043

    The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.... Read more

    Affected Products : wpcentral
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294860 Results