Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2020-7912

    In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.... Read more

    Affected Products : youtrack
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-7911

    In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.... Read more

    Affected Products : teamcity
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-7910

    JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.... Read more

    Affected Products : teamcity
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-7909

    In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.... Read more

    Affected Products : teamcity
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-7908

    In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.... Read more

    Affected Products : teamcity
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-7907

    In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections.... Read more

    Affected Products : scala
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-7906

    In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.... Read more

    Affected Products : rider
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-7905

    Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.... Read more

    Affected Products : intellij_idea
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2020-7904

    In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.... Read more

    Affected Products : intellij_idea
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7883

    Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.... Read more

    Affected Products : windows printchaser
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-7882

    Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')... Read more

    Affected Products : windows anysign4pc
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-7881

    The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" fie... Read more

    Affected Products : windows afreecatv
    • Published: Nov. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-7880

    The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.... Read more

    Affected Products : windows neors
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7879

    This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in... Read more

    Affected Products : c200_firmware c200
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7878

    An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.... Read more

    Affected Products : windows videooffice
    • Published: Dec. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-7877

    A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote ar... Read more

    Affected Products : windows zook_agent zook_viewer
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-7875

    DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.... Read more

    Affected Products : dext5upload windows
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-7874

    Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL... Read more

    Affected Products : windows nexacro
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7873

    Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.... Read more

    Affected Products : k-system_wellcomm
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-7872

    DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary code execution.... Read more

    Affected Products : daviewindy
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results