Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-8794

    OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server ... Read more

    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2020-8793

    OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.... Read more

    Affected Products : ubuntu_linux fedora opensmtpd opensmtpd
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8792

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is ... Read more

    Affected Products : oklok
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8791

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make una... Read more

    Affected Products : oklok
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8790

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials an... Read more

    Affected Products : oklok
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8789

    Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.... Read more

    Affected Products : composr
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8788

    Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient ... Read more

    Affected Products : clearcanvas
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8787

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8786

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8785

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8784

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8783

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8782

    Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.... Read more

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8781

    Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.... Read more

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8778

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8777

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8776

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2020-8775

    Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.... Read more

    Affected Products : platform pega_platform
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8774

    Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.... Read more

    Affected Products : pega_platform pega_platform
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 8.9

    HIGH
    CVE-2020-8773

    The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.... Read more

    Affected Products : platform pega_platform
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294860 Results