Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2020-8270

    An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342... Read more

    Affected Products : virtual_apps_and_desktops
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-8269

    An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9... Read more

    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8268

    Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.... Read more

    Affected Products : json8-merge-patch
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8267

    A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This ... Read more

    Affected Products : unifi_protect_firmware
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2020-8265

    Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap objec... Read more

    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8264

    In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the co... Read more

    Affected Products : rails
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8263

    A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8262

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8261

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2020-8259

    Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8258

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.... Read more

    Affected Products : gateway_plug-in
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8257

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks... Read more

    Affected Products : gateway_plug-in
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2020-8256

    A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.... Read more

    Affected Products : pulse_connect_secure connect_secure
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2020-8255

    A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8254

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8253

    Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.... Read more

    Affected Products : xenmobile_server
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8252

    The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.... Read more

    Affected Products : fedora leap node.js
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8251

    Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.... Read more

    Affected Products : fedora node.js
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8250

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8249

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results