Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (listed in the CISA KEV catalogue), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2020-8830 | CVSS 8.8 | HIGH
    CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen...
    Published: May 05, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8829 | CVSS 8.8 | HIGH
    CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis...
    Affected Products: cip_92200_firmware cip_92200
    Published: May 05, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8828 | CVSS 8.8 | HIGH
    As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic th...
    Published: Apr. 08, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8827 | CVSS 7.5 | HIGH
    As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
    Published: Apr. 08, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8826 | CVSS 7.5 | HIGH
    As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration: there was no refresh or forced re-authentication...
    Affected Products: argo_continuous_delivery argo_cd
    Published: Apr. 08, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8825 | CVSS 5.4 | MEDIUM
    index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS...
    Affected Products: vanilla
    Published: Feb. 10, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8824 | CVSS 5.4 | MEDIUM
    Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen...
    Affected Products: coda-4582u_firmware coda-4582u
    Published: Feb. 19, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8823 | CVSS 6.1 | MEDIUM
    htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter...
    Affected Products: sockjs
    Published: Feb. 10, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8822 | CVSS 4.8 | MEDIUM
    Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application...
    Published: Feb. 10, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8821 | CVSS 5.4 | MEDIUM
    An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML cod...
    Affected Products: webmin
    Published: Oct. 12, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8820 | CVSS 5.4 | MEDIUM
    An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be ...
    Affected Products: webmin
    Published: Oct. 12, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8819 | CVSS 8.1 | HIGH
    An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchan...
    Affected Products: cardgate_payments
    Published: Feb. 25, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8818 | CVSS 8.1 | HIGH
    An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings ...
    Affected Products: cardgate_payments magento
    Published: Feb. 25, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8817 | CVSS 8.1 | HIGH
    Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata...
    Affected Products: data_science_studio
    Published: Sep. 14, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8815 | CVSS 7.5 | HIGH
    Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets...
    Affected Products: bearftp bearftp
    Published: Feb. 12, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8813 | CVSS 9.3 | HIGH
    graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
    Published: Feb. 22, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8812 | CVSS 5.4 | MEDIUM
    Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
    Affected Products: bludit
    Published: Feb. 07, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8811 | CVSS 4.3 | MEDIUM
    ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures...
    Affected Products: bludit
    Published: Feb. 07, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8810 | CVSS 8.1 | HIGH
    An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809...
    Published: Feb. 25, 2020 | Modified: Nov. 21, 2024

  • CVE-2020-8809 | CVSS 8.1 | HIGH
    Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and guru...
    Published: Feb. 25, 2020 | Modified: Nov. 21, 2024