Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2020-8183

    A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2020-8182

    Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.... Read more

    Affected Products : deck
    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8181

    A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.... Read more

    Affected Products : contacts
    • Published: Jul. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-8180

    A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.... Read more

    Affected Products : talk
    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-8179

    Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.... Read more

    Affected Products : deck
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8178

    Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.... Read more

    Affected Products : jison
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8177

    curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.... Read more

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8176

    A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.... Read more

    Affected Products : koa-shopify-auth
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8175

    Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image.... Read more

    Affected Products : jpeg-js
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-8174

    napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.... Read more

    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8173

    A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.... Read more

    Affected Products : nextcloud_server
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2020-8172

    TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.... Read more

    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8171

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containi... Read more

    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8170

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters v... Read more

    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8169

    curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).... Read more

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8168

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-poin... Read more

    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8167

    A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.... Read more

    Affected Products : debian_linux rails
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8166

    A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.... Read more

    Affected Products : debian_linux rails actionpack
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8164

    A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.... Read more

    Affected Products : debian_linux leap backports_sle rails
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8163

    The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.... Read more

    Affected Products : debian_linux rails
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results