Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2020-8505

    School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.... Read more

    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8504

    School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.... Read more

    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8503

    Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.... Read more

    Affected Products : secure_file_transfer
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2020-8500

    In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8498

    XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privi... Read more

    Affected Products : gistpress
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8497

    In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2020-8496

    In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator.... Read more

    Affected Products : web_time_and_attendance
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8495

    In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application... Read more

    Affected Products : web_time_and_attendance
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8494

    In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges with... Read more

    Affected Products : web_time_and_attendance
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2020-8493

    A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via a... Read more

    Affected Products : web_time_and_attendance
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2020-8492

    Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHa... Read more

    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8489

    Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the... Read more

    Affected Products : 800xa_information_management
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8488

    Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution... Read more

    Affected Products : 800xa 800xa_batch_management
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8487

    Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.... Read more

    Affected Products : 800xa_base_system
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8486

    Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.... Read more

    Affected Products : 800xa_rnrp
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8485

    Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windo... Read more

    Affected Products : 800xa
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8484

    Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows p... Read more

    Affected Products : 800xa
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8482

    Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data... Read more

    Affected Products : device_library_wizard
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8481

    For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, ... Read more

    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8479

    For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to... Read more

    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294858 Results