Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2020-7935

    Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible t...

    Affected Products : pandora_fms
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-7934

    In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will...

    Affected Products : liferay_portal
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2020-7932

    OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed i...

    Affected Products : omero.web
    • Published: Jun. 17, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-7931

    In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of...

    Affected Products : artifactory
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7929

    A user authorized to perform database queries may trigger a denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20....

    Affected Products : mongodb
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7928

    A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB...

    Affected Products : mongodb
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2020-7927

    Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4....

    Affected Products : ops_manager
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7926

    A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB Server v4.4 versions prior to 4.4.1. Versions before 4...

    Affected Products : mongodb
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7925

    Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior ...

    Affected Products : mongodb
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7924

    Usage of a specific command line parameter in MongoDB Tools, which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates. This issue affects: MongoDB ...

    Affected Products : database_tools mongomirror
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7923

    A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; Mo...

    Affected Products : mongodb
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7922

    X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operat...

    • Published: Apr. 09, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2020-7921

    Improper serialization of internal state in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects ...

    Affected Products : mongodb
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7920

    pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service....

    Affected Products : monitoring_and_management
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-7919

    Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate....

    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-7918

    An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration....

    Affected Products : totemomail
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2020-7916

    be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign themselves the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permissio...

    Affected Products : learnpress
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2020-7915

    An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator....

    Affected Products : 5p_850_firmware 5p_850
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-7914

    In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3....

    Affected Products : intellij_idea
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2020-7913

    JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description....

    Affected Products : youtrack
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024