Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter it by severity, by whether the vulnerability is known to be actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities catalog), or by whether it is remotely exploitable, and sort it by published date, last-updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2020-8162

    A client-side enforcement of server-side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits....

    Affected Products : debian_linux rails
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2020-8161

    A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure....

    Affected Products : ubuntu_linux debian_linux rack rack
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8160

    MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output en...

    Affected Products : mendixsso
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8159

    There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view....

    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8158

    Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks....

    Affected Products : typeorm
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2020-8157

    UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART)....

    • Published: May. 02, 2020
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2020-8156

    A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man-in-the-middle attack....

    Affected Products : fedora nextcloud nextcloud_mail mail
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-8155

    An outdated third-party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF....

    Affected Products : nextcloud_server
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 7.7

    HIGH
    CVE-2020-8154

    An insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe devices of other users when sending a malicious request directly to the endpoint....

    Affected Products : nextcloud_server
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-8153

    Improper access control in Groupfolders app 4.0.3 allowed deleting hidden directories when renaming an accessible item to the same name....

    Affected Products : fedora group_folders
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2020-8152

    Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on....

    Affected Products : nextcloud_server
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8151

    There is a possible information disclosure issue in Active Resource < v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information....

    Affected Products : fedora active_resource
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024
  • 4.1

    MEDIUM
    CVE-2020-8150

    A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files....

    Affected Products : nextcloud_server
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8149

    Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1....

    Affected Products : logkitty
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-8148

    UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that allows an attacker to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus....

    Affected Products : cloud_key_gen2 cloud_key_gen2_plus
    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8147

    Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend....

    Affected Products : utils-extend
    • Published: Apr. 03, 2020
    • Modified: Nov. 21, 2024
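The two prototype pollution entries above (CVE-2020-8158 in TypeORM and CVE-2020-8147 in utils-extend) describe the same class of bug: a recursive merge that follows a user-supplied "__proto__" key into Object.prototype. The following is an added example, not code from either project: a generic recursive merge of the vulnerable shape beside a hardened version, with a constructed JSON payload and a probe that reads the injected property off a fresh object to show whether the shared prototype was polluted. The payload, the option names and the probe function are illustrative assumptions.

```javascript
// Added example (not TypeORM's or utils-extend's code): a recursive merge
// of the kind that was vulnerable, beside a hardened version.

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Vulnerable: iterates every enumerable key of `source`, including an own
// property literally named "__proto__" (which JSON.parse creates as a plain
// data property), and then writes through target["__proto__"], which is
// Object.prototype for an ordinary object literal.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that can reach a prototype, copy only own keys,
// and never descend into a property that `target` merely inherits.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, as it might arrive in a JSON request body.
const ATTACKER_JSON = '{"name": "report", "__proto__": {"isAdmin": true}}';

// Merge the payload into an empty options object with `mergeFn`, then read
// `isAdmin` off a fresh object that was never touched: a value there means
// Object.prototype itself was modified. The prototype is cleaned up
// afterwards so repeated probes start from an unpolluted state.
function probe(mergeFn) {
  const options = mergeFn({}, JSON.parse(ATTACKER_JSON));
  const freshObject = {};
  const leaked = freshObject.isAdmin;
  delete Object.prototype.isAdmin;
  return { name: options.name, leaked };
}

console.log('unsafeMerge:', probe(unsafeMerge)); // { name: 'report', leaked: true }
console.log('safeMerge:  ', probe(safeMerge));   // { name: 'report', leaked: undefined }
```

Once Object.prototype carries an attacker-chosen property, every later `options.isAdmin`, `config.limit` or query-option lookup on an object that does not define the key itself sees the injected value, which is how a pollution bug turns into the authorization bypass, denial of service or injection outcomes these advisories mention. Building merge targets with `Object.create(null)` or running the merge on a frozen prototype are complementary mitigations to the key filter shown here.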
  • 7.8

    HIGH
    CVE-2020-8146

    In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows a...

    Affected Products : windows unifi_video
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-8145

    The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can acces...

    Affected Products : windows unifi_video
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 8.4

    HIGH
    CVE-2020-8144

    The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. ...

    Affected Products : windows unifi_video
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-8143

    An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users into opening a specially crafted link and have them redirected to any destination. The CS...

    Affected Products : revive_adserver
    • Published: Apr. 03, 2020
    • Modified: Nov. 21, 2024
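The defence against an open redirect like the one described for CVE-2020-8143 is to treat the destination parameter as untrusted and compare its parsed origin, not a prefix of the string, against an allow-list. The following is an added example in Node.js, not Revive Adserver's code: a validator that resolves the supplied target against the application's own origin, rejects non-HTTP schemes and foreign origins, and falls back to the site root. The application origin, the partner origin and the sample destinations are illustrative assumptions.

```javascript
// Added example (not Revive Adserver's code): validate a user-supplied
// redirect target with the WHATWG URL parser and an exact-origin allow-list.

// Returns an absolute URL that is safe to send in a Location header.
function safeRedirectTarget(dest, baseOrigin, allowedOrigins = []) {
  const fallback = baseOrigin + '/';
  if (typeof dest !== 'string' || dest === '') return fallback;

  let url;
  try {
    // Relative targets ("/account?x=1") resolve against our own origin.
    // Protocol-relative ("//evil.example"), backslash ("\\evil.example")
    // and absolute ("https://evil.example") forms all parse to a foreign
    // origin and are rejected by the allow-list below.
    url = new URL(dest, baseOrigin);
  } catch {
    return fallback; // unparseable destination
  }

  // javascript:, data: and similar schemes are never valid redirect targets.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;

  // Exact-origin comparison. A substring check such as
  // dest.startsWith('https://app.example') is fooled by
  // "https://app.example.evil.example" and "https://app.example@evil.example".
  const allowed = new Set([baseOrigin, ...allowedOrigins]);
  if (!allowed.has(url.origin)) return fallback;

  return url.href;
}

// Assumed application origin and one trusted partner site.
const APP_ORIGIN = 'https://app.example';
const PARTNER_ORIGINS = ['https://partner.example'];

// Constructed destinations an attacker or a legitimate link might supply.
const SAMPLE_DESTINATIONS = [
  '/account?next=1',
  'https://partner.example/landing',
  '//evil.example/phish',
  '\\\\evil.example/phish',
  'javascript:alert(1)',
  'https://app.example.evil.example/',
  'https://app.example@evil.example/',
];

for (const dest of SAMPLE_DESTINATIONS) {
  console.log(`${dest}  ->  ${safeRedirectTarget(dest, APP_ORIGIN, PARTNER_ORIGINS)}`);
}
```

Returning `url.href` rather than the raw parameter means the response carries the normalised URL the parser actually saw, so a later component cannot reinterpret an oddly encoded string differently.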
Showing 20 of 294863 Results