Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2020-8436

    XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.

    Affected Products : registrationmagic
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8435

    An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.

    Affected Products : registrationmagic
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8434

    Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into ...

    Affected Products : internet_campus_solution
    • Published: May. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8432

    In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerability was introduced ...

    Affected Products : leap u-boot
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8430

    Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.

    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-8429

    The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating syst...

    Affected Products : kinetica
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2020-8428

    fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be a...

    Affected Products : linux_kernel
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8427

    In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.

    Affected Products : backup traverse
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8426

    The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.

    Affected Products : website_builder
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8425

    Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.

    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8424

    Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.

    Affected Products : cups_easy cups_easy
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-8423

    A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8421

    An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

    Affected Products : joomla\!
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8420

    An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

    Affected Products : joomla\!
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8419

    An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

    Affected Products : joomla\!
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8417

    The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

    Affected Products : code_snippets
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8416

    IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.

    Affected Products : bearftp
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8357

    A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.

    Affected Products : pcmanager
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2020-8356

    An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failur...

    Affected Products : xclarity_orchestrator
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2020-8355

    An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Captur...

    Affected Products : xclarity_administrator
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results