Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-7981

    sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.

    Affected Products : geocoder
    • Published: Jan. 25, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7980

    Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.

    Affected Products : aptus_web
    • Published: Jan. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7979

    GitLab EE 8.9 and later through 12.7.2 has Insecure Permission...

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7978

    GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7977

    GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7976

    GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7974

    GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7973

    GitLab through 12.7.2 allows XSS.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7972

    GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7971

    GitLab EE 11.0 and later through 12.7.2 allows XSS.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7969

    GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7968

    GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-7967

    GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7966

    GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7965

    flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This ...

    Affected Products : webargs
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7964

    An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous order...

    Affected Products : saleor saleor
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7962

    An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password rese...

    Affected Products : password_manager
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7959

    LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, becaus...

    Affected Products : labvantage
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 6.0

    MEDIUM
    CVE-2020-7958

    An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because...

    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7957

    The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of...

    Affected Products : fedora dovecot
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results