Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2020-8601

    Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.... Read more

    Affected Products : windows vulnerability_protection
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8600

    Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.... Read more

    Affected Products : worry-free_business_security
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8598

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.... Read more

    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8597

    eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.... Read more

    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8596

    participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentia... Read more

    Affected Products : participants_database
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8595

    Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only ac... Read more

    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8594

    The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].... Read more

    Affected Products : ninja_forms
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8592

    eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).... Read more

    Affected Products : eg_manager
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8591

    eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.... Read more

    Affected Products : eg_manager
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-8590

    Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.... Read more

    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8589

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.... Read more

    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8588

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).... Read more

    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8587

    OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client ... Read more

    Affected Products : oncommand_system_manager
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8585

    OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).... Read more

    Affected Products : oncommand_unified_manager
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8584

    Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.... Read more

    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8583

    Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.... Read more

    Affected Products : element_os hci
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8582

    Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.... Read more

    Affected Products : element_os hci
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8581

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8580

    SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).... Read more

    Affected Products : e-series_santricity_os_controller
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8579

    Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).... Read more

    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results