Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-8986

    lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.... Read more

    Affected Products : zendto
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8985

    ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.... Read more

    Affected Products : zendto
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8984

    lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.... Read more

    Affected Products : zendto
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8983

    An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everythin... Read more

    Affected Products : sharefile_storagezones_controller
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8982

    An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile... Read more

    Affected Products : sharefile_storagezones_controller
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8981

    A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permi... Read more

    Affected Products : source_integration
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-8976

    The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and tri... Read more

    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8975

    ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system.... Read more

    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-8974

    In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusab... Read more

    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-8973

    ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters... Read more

    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2020-8968

    Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information... Read more

    Affected Products : remote_application_server
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-8967

    There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.... Read more

    Affected Products : erp
    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8966

    There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragmen... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8964

    TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xM... Read more

    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8963

    TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters... Read more

    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8962

    A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.... Read more

    Affected Products : dir-842_firmware dir-842
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8961

    An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an ev... Read more

    Affected Products : free_antivirus
    • Published: Apr. 09, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8960

    Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.... Read more

    Affected Products : mycloud.com
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8959

    Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking.... Read more

    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-8958

    Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294853 Results