Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 3.5

    LOW
    CVE-2020-8173

    A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

    Affected Products : nextcloud_server
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2020-8172

    TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8171

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: There are certain end-points containi...

    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8170

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Multiple end-points with parameters v...

    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8169

    curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8168

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below: Attackers can abuse multiple end-poin...

    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8167

    A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

    Affected Products : debian_linux rails
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-8166

    A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

    Affected Products : debian_linux rails actionpack
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8164

    A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.

    Affected Products : debian_linux leap backports_sle rails
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8163

    There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.

    Affected Products : debian_linux rails
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8162

    A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

    Affected Products : debian_linux rails
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2020-8161

    A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.

    Affected Products : ubuntu_linux debian_linux rack rack
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8160

    MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output en...

    Affected Products : mendixsso
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8159

    There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8158

    Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

    Affected Products : typeorm
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8157

    UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).

    • Published: May. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2020-8156

    A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.

    Affected Products : fedora nextcloud nextcloud_mail mail
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8155

    An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.

    Affected Products : nextcloud_server
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 7.7

    HIGH
    CVE-2020-8154

    An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

    Affected Products : nextcloud_server
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8153

    Improper access control in Groupfolders app 4.0.3 allowed deletion of hidden directories when renaming an accessible item to the same name.

    Affected Products : fedora group_folders
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294853 Results