Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2020-8616

    A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetch... Read more

    Affected Products : debian_linux bind
    • Published: May. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8615

    A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).... Read more

    Affected Products : tutor_lms
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8614

    An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188.... Read more

    Affected Products : ap4000w_firmware ap4000w
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2020-8612

    In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.... Read more

    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8611

    In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via ... Read more

    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2020-8608

    In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.... Read more

    Affected Products : debian_linux leap libslirp
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2020-8607

    An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel addr... Read more

    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8606

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.... Read more

    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8605

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.... Read more

    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8604

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.... Read more

    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8603

    A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in th... Read more

    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2020-8602

    A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code exe... Read more

    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8601

    Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.... Read more

    Affected Products : windows vulnerability_protection
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8600

    Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.... Read more

    Affected Products : worry-free_business_security
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8598

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.... Read more

    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8597

    eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.... Read more

    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8596

    participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentia... Read more

    Affected Products : participants_database
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8595

    Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only ac... Read more

    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8594

    The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].... Read more

    Affected Products : ninja_forms
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8592

    eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).... Read more

    Affected Products : eg_manager
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294860 Results