Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2020-8319

    A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges....

    Affected Products : system_interface_foundation
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8318

    A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges....

    Affected Products : system_interface_foundation
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8317

    A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges....

    Affected Products : drivers_management
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2020-8316

    A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges....

    Affected Products : vantage
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8315

    In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. ...

    Affected Products : python
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8300

    Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. ...

    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8299

    Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource c...

    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8298

    fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods....

    Affected Products : fs-path
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-8297

    Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user....

    Affected Products : deck
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2020-8296

    Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured....

    Affected Products : fedora nextcloud_server
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8295

    A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user....

    Affected Products : nextcloud_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8294

    A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format....

    Affected Products : nextcloud_server
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8293

    A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules....

    Affected Products : nextcloud_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8292

    Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes....

    Affected Products : rocket.chat
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8291

    A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks....

    Affected Products : rocket.chat
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8290

    Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of...

    Affected Products : backblaze
    • Published: Dec. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-8289

    Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code e...

    Affected Products : backblaze
    • Published: Dec. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8288

    The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter....

    Affected Products : rocket.chat
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8287

    Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can le...

    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8286

    curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response....

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024