Latest CVE Feed
-
7.1
HIGH CVE-2020-8099
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to ...
- Affected Products: antivirus_2020
- Published: Apr. 21, 2020
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2020-8097
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affec...
- Published: Aug. 30, 2020
- Modified: Nov. 21, 2024
-
6.3
MEDIUM CVE-2020-8096
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions pr...
- Affected Products: antimalware_software_development_kit
- Published: Apr. 07, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2020-8095
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to trigger a denial of service on the affected device....
- Affected Products: total_security_2020
- Published: Jan. 30, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-8093
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution...
- Affected Products: antivirus
- Published: Jan. 30, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for M...
- Affected Products: antivirus
- Published: Jan. 30, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8091
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname....
- Affected Products: typo3
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2020-8090
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login)....
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2020-8089
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page....
- Affected Products: piwigo
- Published: Feb. 10, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-8088
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters....
- Affected Products: usebb
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2020-8087
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetD...
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-8086
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a ...
- Published: Jan. 28, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory....
- Published: Nov. 04, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8036
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way....
- Affected Products: tcpdump
- Published: Nov. 04, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8035
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail acc...
- Affected Products: groupware
- Published: May. 18, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8034
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An at...
- Published: May. 18, 2020
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2020-8033
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field....
- Published: May. 05, 2020
- Modified: Nov. 21, 2024
-
7.0
HIGH CVE-2020-8032
An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions....
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
6.3
MEDIUM CVE-2020-8031
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This iss...
- Affected Products: open_build_service
- Published: Feb. 11, 2021
- Modified: Nov. 21, 2024
-
4.4
MEDIUM CVE-2020-8030
An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster....
- Affected Products: caas_platform
- Published: Feb. 11, 2021
- Modified: Nov. 21, 2024