Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2020-8820

    An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be ...

    Affected Products : webmin
    • Published: Oct. 12, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8819

    An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchan...

    Affected Products : cardgate_payments
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8818

    An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings ...

    Affected Products : cardgate_payments magento
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8817

    Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata....

    Affected Products : data_science_studio
    • Published: Sep. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8815

    Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets....

    Affected Products : bearftp bearftp
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-8813

    graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege....

    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8812

    Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug....

    Affected Products : bludit
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-8811

    ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures....

    Affected Products : bludit
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8810

    An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809...

    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8809

    Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and guru...

    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8808

    The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHOR...

    Affected Products : icue
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8807

    In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel....

    Affected Products : zcashd
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8806

    Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced....

    Affected Products : zcashd
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8804

    SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module....

    Affected Products : suitecrm
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8803

    SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list....

    Affected Products : suitecrm
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8802

    SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation....

    Affected Products : suitecrm
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8801

    SuiteCRM through 7.11.11 allows PHAR Deserialization....

    Affected Products : suitecrm
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8800

    SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection....

    Affected Products : suitecrm
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2020-8799

    A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website....

    Affected Products : wti_like_post
    • Published: May. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8798

    httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network....

    Affected Products : rx4-1500_firmware rx4-1500
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024