Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2020-8424

    Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php.

    Affected Products : cups_easy cups_easy
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-8423

    A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8421

    An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

    Affected Products : joomla\!
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8420

    An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

    Affected Products : joomla\!
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8419

    An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

    Affected Products : joomla\!
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8417

    The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.

    Affected Products : code_snippets
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8416

    IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.

    Affected Products : bearftp
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8357

    A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.

    Affected Products : pcmanager
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2020-8356

    An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failur...

    Affected Products : xclarity_orchestrator
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2020-8355

    An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Captur...

    Affected Products : xclarity_administrator
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8354

    A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

    Affected Products : notebook_firmware notebook
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2020-8353

    Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024
  • 2.4

    LOW
    CVE-2020-8352

    In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.

    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8351

    A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.

    Affected Products : pcmanager
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8350

    An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.

    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8349

    An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled.

    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8348

    A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, po...

    Affected Products : enterprise_network_disk
    • Published: Sep. 24, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8347

    A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through ...

    Affected Products : enterprise_network_disk
    • Published: Sep. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8346

    A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.

    Affected Products : system_interface_foundation
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8345

    A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

    Affected Products : hardware_scan
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294858 Results