Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2020-8245

    Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11... Read more

    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8244

    A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, trick... Read more

    Affected Products : debian_linux bufferlist
    • Published: Aug. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2020-8242

    Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.... Read more

    Affected Products : expressionengine
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8241

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8240

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the E... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8239

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.... Read more

    Affected Products : pulse_secure_desktop_client
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8238

    A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).... Read more

    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8237

    Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.... Read more

    Affected Products : json-bigint
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2020-8236

    A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8235

    Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.... Read more

    Affected Products : deck
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8234

    A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.... Read more

    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-8233

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.... Read more

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8232

    An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages.... Read more

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8231

    Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.... Read more

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8230

    A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.... Read more

    Affected Products : desktop
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8229

    A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.... Read more

    Affected Products : desktop
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8228

    A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.... Read more

    Affected Products : leap backports_sle preferred_providers
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2020-8227

    Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.... Read more

    Affected Products : linux_kernel desktop
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2020-8226

    A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.... Read more

    Affected Products : phpbb
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8225

    A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.... Read more

    Affected Products : desktop
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294860 Results