Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2020-8264

    In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the co... Read more

    Affected Products : rails
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8263

    A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8262

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8261

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2020-8259

    Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8258

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.... Read more

    Affected Products : gateway_plug-in
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8257

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks... Read more

    Affected Products : gateway_plug-in
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2020-8256

    A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2020-8255

    A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8254

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8253

    Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.... Read more

    Affected Products : xenmobile_server
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8252

    The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.... Read more

    Affected Products : fedora leap node.js
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8251

    Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.... Read more

    Affected Products : fedora node.js
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8250

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8249

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8248

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8247

    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix ... Read more

    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8246

    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix ... Read more

    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8245

    Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11... Read more

    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8244

    A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, trick... Read more

    Affected Products : debian_linux bufferlist
    • Published: Aug. 30, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294858 Results