Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2020-9003

    A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other use...

    Affected Products : modula_image_gallery
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-9002

    An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access)....

    Affected Products : iportalis_control_portal
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-9000

    An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the max...

    Affected Products : iportalis_control_portal
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8997

    Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in...

    • Published: Feb. 16, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-8996

    AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI....

    Affected Products : anyshare_cloud
    • Published: Feb. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8995

    Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and externa...

    Affected Products : bilanc
    • Published: Dec. 21, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8994

    An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use ...

    Affected Products : mdz-25-dt_firmware mdz-25-dt
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8992

    ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size....

    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 2.3

    LOW
    CVE-2020-8991

    vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privi...

    Affected Products : lvm2
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2020-8990

    Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation....

    Affected Products : ibi my_cloud_home
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8989

    In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this ...

    Affected Products : voatz
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2020-8988

    The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-f...

    Affected Products : voatz
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2020-8987

    Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary b...

    Affected Products : antitrack avg_antitrack
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8986

    lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests....

    Affected Products : zendto
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8985

    ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality....

    Affected Products : zendto
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8984

    lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header....

    Affected Products : zendto
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8983

    An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everythin...

    Affected Products : sharefile_storagezones_controller
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8982

    An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile...

    Affected Products : sharefile_storagezones_controller
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8981

    A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permi...

    Affected Products : source_integration
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-8976

    The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and tri...

    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024