Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e., listed in the CISA KEV catalog), and by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2020-8846

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...

    Affected Products : phantompdf reader windows
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8845

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi...

    Affected Products : phantompdf reader windows
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8844

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file....

    Affected Products : phantompdf reader windows
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2020-8843

    An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when...

    Affected Products : istio
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8841

    An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqSearch.php endpoint is vulnerable to authenticated SQL Injection....

    Affected Products : testlink
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8840

    FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter....

    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8839

    Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field....

    Affected Products : bf-430_firmware bf-430
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2020-8838

    An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileg...

    Affected Products : manageengine_assetexplorer
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8835

    In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 sta...

    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8834

    KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel spa...

    Affected Products : linux_kernel ubuntu_linux leap power8
    • Published: Apr. 09, 2020
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2020-8833

    Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls wh...

    Affected Products : ubuntu_linux apport apport
    • Published: Apr. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8832

    The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the ker...

    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8831

    Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply ...

    Affected Products : ubuntu_linux apport apport
    • Published: Apr. 22, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8830

    CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen....

    • Published: May. 05, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8829

    CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis....

    Affected Products : cip_92200_firmware cip_92200
    • Published: May. 05, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8828

    As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic th...

    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8827

    As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence....

    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8826

    As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration; there was no refresh or forced re-authentication....

    Affected Products : argo_continuous_delivery argo_cd
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8825

    index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS....

    Affected Products : vanilla
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8824

    Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen....

    Affected Products : coda-4582u_firmware coda-4582u
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results