National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 11 hours 37 min ago

CVE-2019-20001

13 hours 43 min ago
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
Categories: Security News

CVE-2020-15467

13 hours 43 min ago
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
Categories: Security News

CVE-2020-5615

Mon, 08/03/2020 - 22:15
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Categories: Security News

CVE-2020-5616

Mon, 08/03/2020 - 22:15
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] ([Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0) allow remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.
Categories: Security News

CVE-2020-5617

Mon, 08/03/2020 - 22:15
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
Categories: Security News

CVE-2020-11583

Mon, 08/03/2020 - 17:15
A GET-based reflected XSS vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
Categories: Security News

CVE-2020-11584

Mon, 08/03/2020 - 17:15
A GET-based reflected XSS vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
Categories: Security News

CVE-2020-5770

Mon, 08/03/2020 - 16:15
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Categories: Security News

CVE-2020-5771

Mon, 08/03/2020 - 16:15
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
Categories: Security News

CVE-2020-5772

Mon, 08/03/2020 - 16:15
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.
Categories: Security News

CVE-2020-5773

Mon, 08/03/2020 - 16:15
Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations.
Categories: Security News

CVE-2020-16116

Mon, 08/03/2020 - 16:15
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Categories: Security News

CVE-2020-16271

Mon, 08/03/2020 - 13:15
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
Categories: Security News

CVE-2020-16272

Mon, 08/03/2020 - 13:15
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
Categories: Security News

CVE-2020-8574

Mon, 08/03/2020 - 13:15
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution by local users.
Categories: Security News

CVE-2020-8575

Mon, 08/03/2020 - 13:15
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
Categories: Security News

CVE-2020-12739

Mon, 08/03/2020 - 13:15
A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. The vulnerability is due to improper design or implementation of the Ethernet communication modules of the CNC. An attacker could exploit this vulnerability by sending a series of malformed packets to port 8193/tcp, resulting in a denial of service (DoS) condition, where the affected device would require a manual power cycle of the CNC to recover.
Categories: Security News

CVE-2020-13820

Mon, 08/03/2020 - 13:15
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
Categories: Security News

CVE-2020-14319

Mon, 08/03/2020 - 13:15
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.
Categories: Security News

CVE-2020-16131

Mon, 08/03/2020 - 13:15
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
Categories: Security News
