Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2020-8797

    Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local ... Read more

    Affected Products : rx4-1500_firmware rx4-1500
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8796

    Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.... Read more

    Affected Products : secure_file_transfer
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8795

    In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.... Read more

    Affected Products : gitlab
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8794

    OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server ... Read more

    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2020-8793

    OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.... Read more

    Affected Products : ubuntu_linux fedora opensmtpd opensmtpd
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8792

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is ... Read more

    Affected Products : oklok
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8791

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make una... Read more

    Affected Products : oklok
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8790

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials an... Read more

    Affected Products : oklok
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8789

    Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.... Read more

    Affected Products : composr
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8788

    Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient ... Read more

    Affected Products : clearcanvas
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8787

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8786

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8785

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8784

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8783

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).... Read more

    Affected Products : suitecrm
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8782

    Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.... Read more

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8781

    Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.... Read more

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8778

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8777

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo, as demonstrated by a SCRIPT element in an SVG document.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8776

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results