Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable, and sort it by published date, last-updated date, or CVSS score.
  • CVE-2020-8295 (CVSS 7.5, HIGH)
    A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user....
    Affected products: nextcloud_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8294 (CVSS 5.4, MEDIUM)
    A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format....
    Affected products: nextcloud_server
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8293 (CVSS 6.5, MEDIUM)
    A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules....
    Affected products: nextcloud_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8292 (CVSS 5.4, MEDIUM)
    Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes....
    Affected products: rocket.chat
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8291 (CVSS 6.1, MEDIUM)
    A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks....
    Affected products: rocket.chat
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8290 (CVSS 7.8, HIGH)
    Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of...
    Affected products: backblaze
    • Published: Dec. 27, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8289 (CVSS 9.3, HIGH)
    Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code e...
    Affected products: backblaze
    • Published: Dec. 27, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8288 (CVSS 5.4, MEDIUM)
    The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter....
    Affected products: rocket.chat
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8287 (CVSS 6.5, MEDIUM)
    Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can le...
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8286 (CVSS 7.5, HIGH)
    curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response....
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8285 (CVSS 7.5, HIGH)
    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing....
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8284 (CVSS 4.3, MEDIUM)
    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for ...
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8283 (CVSS 9.0, HIGH)
    An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9....
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8282 (CVSS 8.8, HIGH)
    A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution....
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8281 (CVSS 5.4, MEDIUM)
    A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks....
    Affected products: contacts
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8280 (CVSS 5.4, MEDIUM)
    A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks....
    Affected products: contacts
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • CVE-2020-8279 (CVSS 7.4, HIGH)
    Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack....
    Affected products: social
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8278 (CVSS 5.3, MEDIUM)
    Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user....
    Affected products: social
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8277 (CVSS 7.5, HIGH)
    A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of r...
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • CVE-2020-8276 (CVSS 5.5, MEDIUM)
    The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incogn...
    Affected products: brave
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results