Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2020-8237

    Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.

    Affected Products : json-bigint
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2020-8236

    A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel that passwordless WebAuthn is also a two-factor verification, by asking for the PIN of the passwordless WebAuthn but not verifying it.

    Affected Products : nextcloud_server
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-8235

    Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

    Affected Products : deck
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8234

    A vulnerability exists in the EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell via command injection.

    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-8233

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8232

    An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read-only users to obtain unauthorized information through SNMP community pages.

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8231

    Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8230

    A memory corruption vulnerability exists in Nextcloud Desktop Client v2.6.4 where missing ASLR and DEP protections on Windows allowed memory to be corrupted.

    Affected Products : desktop
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8229

    A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.

    Affected Products : desktop
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8228

    A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled number of times.

    Affected Products : leap backports_sle preferred_providers
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2020-8227

    Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

    Affected Products : linux_kernel desktop
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-8226

    A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF.

    Affected Products : phpbb
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8225

    A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.

    Affected Products : desktop
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8224

    A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory.

    Affected Products : desktop
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8223

    A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.

    Affected Products : fedora nextcloud_server
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024
  • 6.8

    MEDIUM
    CVE-2020-8222

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker to read arbitrary files through Meeting via the administrator web interface.

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2020-8221

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8220

    A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web, which can cause DoS.

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8219

    An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8217

    A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294853 Results