Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2020-8551

    The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the a...

    Affected Products : fedora kubernetes
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8549

    Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.

    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8548

    massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

    Affected Products : masscode
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8547

    phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

    Affected Products : phplist
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8545

    Global.py in AIL framework 2.8 allows path traversal.

    Affected Products : ail_framework
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8544

    OX App Suite through 7.10.3 allows SSRF.

    Affected Products : open-xchange_appsuite
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8543

    OX App Suite through 7.10.3 has Improper Input Validation.

    Affected Products : open-xchange_appsuite
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8542

    OX App Suite through 7.10.3 allows XSS.

    Affected Products : open-xchange_appsuite
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8541

    OX App Suite through 7.10.3 allows XXE attacks.

    Affected Products : open-xchange_appsuite
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8540

    An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML req...

    Affected Products : manageengine_desktop_central
    • Published: Mar. 11, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8539

    Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionalities. In addition, th...

    Affected Products : head_unit_firmware head_unit
    • Published: Dec. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8521

    SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

    Affected Products : phpzag
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8520

    SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

    Affected Products : phpzag
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8519

    SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

    Affected Products : phpzag
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8518

    Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

    Affected Products : fedora debian_linux groupware
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8517

    An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result ...

    Affected Products : ubuntu_linux leap squid
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8516

    The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of To...

    Affected Products : tor
    • Published: Feb. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8514

    An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality.

    Affected Products : macos rumpus
    • Published: Feb. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8512

    In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.

    Affected Products : icewarp_server
    • Published: Feb. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8511

    In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results