Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-7956

    HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

    Affected Products : nomad
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7955

    HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

    Affected Products : consul
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7954

    An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of progr...

    Affected Products : opmon
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7953

    An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option.

    Affected Products : opmon
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7952

    rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.

    Affected Products : dota_2
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7951

    meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.

    Affected Products : dota_2
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7950

    meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call.

    Affected Products : dota_2
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7949

    schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.

    Affected Products : dota_2
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7948

    An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.

    Affected Products : login_by_auth0
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7947

    An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed...

    Affected Products : login_by_auth0
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-7945

    Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.

    Affected Products : continuous_delivery
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.7

    HIGH
    CVE-2020-7944

    In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report.

    Affected Products : continuous_delivery
    • Published: Mar. 26, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7943

    Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sens...

    • Published: Mar. 11, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7942

    Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `defau...

    Affected Products : puppet_agent puppet
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7941

    A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7940

    Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7939

    SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7938

    plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-7937

    An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7936

    An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results