Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2020-9033

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php....

Affected Products : syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware syncserver_s100 syncserver_s200 syncserver_s250 syncserver_s300 syncserver_s350
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2020-9032

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php....

Affected Products : syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware syncserver_s100 syncserver_s200 syncserver_s250 syncserver_s300 syncserver_s350
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2020-9031

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php....

Affected Products : syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware syncserver_s100 syncserver_s200 syncserver_s250 syncserver_s300 syncserver_s350
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php....

Affected Products : syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware syncserver_s100 syncserver_s200 syncserver_s250 syncserver_s300 syncserver_s350
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2020-9029

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php....

Affected Products : syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware syncserver_s100 syncserver_s200 syncserver_s250 syncserver_s300 syncserver_s350
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2020-9028

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user)....

Affected Products : syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware syncserver_s100 syncserver_s200 syncserver_s250 syncserver_s300 syncserver_s350
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2020-9027

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected....

Affected Products : ntp-2_firmware ntp-rg-1402g_firmware ntp-2 ntp-rg-1402g
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2020-9026

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected....

Affected Products : ntp-2_firmware ntp-rg-1402g_firmware ntp-2 ntp-rg-1402g
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2020-9025

Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script....

Affected Products : vantage_velocity_firmware vantage_velocity
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts....

Affected Products : vantage_velocity_firmware vantage_velocity
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-9023

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password....

Affected Products : vantage_velocity_firmware vantage_velocity
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2020-9022

An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS....

Affected Products : xh2-120_firmware xr2436_firmware xr520_firmware xr620_firmware xh2-120 xr2436 xr520 xr620
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer paramete...

Affected Products : awam_bluetooth_field_device_firmware awam_bluetooth_field_device
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field....

Affected Products : vantage_velocity_firmware vantage_velocity
Published: Feb. 17, 2020

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2020-9019

The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description....

Affected Products : wpjobboard
Published: Feb. 25, 2020

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2020-9018

LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user....

Affected Products : litecart
Published: Feb. 25, 2020

Modified: Nov. 21, 2024
8.0

HIGH

CVE-2020-9017

LiteCart through 2.2.1 allows CSV injection via a customer's profile....

Affected Products : litecart
Published: Feb. 25, 2020

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header....

Affected Products : dolibarr_erp\/crm
Published: Feb. 16, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-9015

Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a c...

Affected Products : dcs-7050qx-32s-r_firmware dcs-7050cx3-32s-r_firmware dcs-7280sram-48c6-r_firmware dcs-7050qx-32s-r dcs-7050cx3-32s-r dcs-7280sram-48c6-r
Published: Feb. 20, 2020

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2020-9014

In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPN...

Affected Products : iprojection
Published: Feb. 05, 2021

Modified: Nov. 21, 2024

Showing 20 of 294853 Results

Browse by Apps

Latest CVE Feed

6.5

6.5

6.5

6.5

6.5

6.1

10.0

10.0

6.1

10.0

9.8

6.1

10.0

10.0

6.1

5.3

8.0

5.4

9.8

5.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable