Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2020-8009

    AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.

    Affected Products : avb_firmware 112d 1248 16a 24ai 24ao 624 828es 828x 8a +11 more products
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8004

    STMicroelectronics STM32F1 devices have Incorrect Access Control.

    Affected Products : stm32f1_firmware stm32f1
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8003

    A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free...

    Affected Products : debian_linux virglrenderer
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8002

    A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).

    Affected Products : debian_linux virglrenderer
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8001

    The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account.

    Affected Products : aptus
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8000

    Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.

    Affected Products : aptus_web
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7999

    The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY.

    Affected Products : aptus
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2020-7998

    An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the F...

    Affected Products : super_file_explorer
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7997

    ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.

    Affected Products : rt-ac66u_firmware rt-ac66u
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7996

    htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.

    Affected Products : dolibarr_erp/crm
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7995

    The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

    Affected Products : dolibarr_erp/crm
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7994

    Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /ht...

    Affected Products : dolibarr_erp/crm
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-7993

    Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

    Affected Products : prototype
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7991

    Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.

    Affected Products : framework
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7990

    Adive Framework 2.0.8 has admin/user/add userName XSS.

    Affected Products : framework
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7989

    Adive Framework 2.0.8 has admin/user/add userUsername XSS.

    Affected Products : framework
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7988

    An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requiremen...

    Affected Products : phpipam
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7984

    SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self reg...

    Affected Products : n-central
    • Published: Jan. 26, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-7983

    A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.

    • Published: May. 05, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-7982

    An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-i...

    Affected Products : openwrt lede
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results