Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2020-8595

    Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only ac... Read more

    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8594

    The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].... Read more

    Affected Products : ninja_forms
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8592

    eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature).... Read more

    Affected Products : eg_manager
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8591

    eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request.... Read more

    Affected Products : eg_manager
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-8590

    Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.... Read more

    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8589

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.... Read more

    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8588

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).... Read more

    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8587

    OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client ... Read more

    Affected Products : oncommand_system_manager
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8585

    OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).... Read more

    Affected Products : oncommand_unified_manager
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8584

    Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.... Read more

    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8583

    Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.... Read more

    Affected Products : element_os hci
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8582

    Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.... Read more

    Affected Products : element_os hci
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8581

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8580

    SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).... Read more

    Affected Products : e-series_santricity_os_controller
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8579

    Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).... Read more

    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-8578

    Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.... Read more

    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2020-8577

    SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.... Read more

    Affected Products : e-series_santricity_os_controller
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8576

    Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.... Read more

    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2020-8575

    Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).... Read more

    Affected Products : active_iq_unified_manager
    • Published: Aug. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8574

    Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.... Read more

    Affected Products : active_iq_unified_manager
    • Published: Aug. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results