Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2020-8539

    Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionalities. In addition, th...

    Affected Products : head_unit_firmware head_unit
    • Published: Dec. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8521

    SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

    Affected Products : phpzag
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8520

    SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

    Affected Products : phpzag
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8519

    SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

    Affected Products : phpzag
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8518

    Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution....

    Affected Products : fedora debian_linux groupware
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8517

    An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result ...

    Affected Products : ubuntu_linux leap squid
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8516

    The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of To...

    Affected Products : tor
    • Published: Feb. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8514

    An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality....

    Affected Products : macos rumpus
    • Published: Feb. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8512

    In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter....

    Affected Products : icewarp_server
    • Published: Feb. 01, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8511

    In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500....

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8510

    An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password....

    Affected Products : phpabook
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8509

    Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure....

    Affected Products : manageengine_desktop_central
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8508

    nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled....

    Affected Products : malware_cleaner
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8507

    The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics....

    Affected Products : citytv_video
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8506

    The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics....

    Affected Products : global_tv
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8505

    School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user....

    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8504

    School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user....

    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8503

    Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004....

    Affected Products : secure_file_transfer
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8500

    In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8498

    XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privi...

    Affected Products : gistpress
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294853 Results