Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2020-8227

    Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.... Read more

    Affected Products : linux_kernel desktop
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2020-8226

    A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.... Read more

    Affected Products : phpbb
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8225

    A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.... Read more

    Affected Products : desktop
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8224

    A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.... Read more

    Affected Products : desktop
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8223

    A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.... Read more

    Affected Products : fedora nextcloud_server
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2020-8222

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2020-8221

    A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8220

    A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2020-8219

    An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8217

    A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8216

    An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8215

    A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.... Read more

    Affected Products : canvas
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8214

    A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.... Read more

    Affected Products : servey
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8213

    An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.... Read more

    Affected Products : unifi_protect
    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8212

    Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.... Read more

    Affected Products : xenmobile_server
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8211

    Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.... Read more

    Affected Products : xenmobile_server
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8210

    Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.... Read more

    Affected Products : xenmobile_server
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8209

    Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.... Read more

    Affected Products : xenmobile_server
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8208

    Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).... Read more

    Affected Products : xenmobile_server
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8207

    Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.... Read more

    Affected Products : workspace
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results