CVEs from 2020
Total: 3,811
- critical 206
- high 563
- medium 743
- low 59
% Critical: 5.4%
% with KEV: 3.8%
% with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2229 | unknown | — | 1.0 | | | | 4y ago | Jenkins Cross-Site Scripting vulnerability in help icons |
| CVE-2020-2230 | unknown | — | 1.0 | | | | 4y ago | Jenkins Cross-site Scripting vulnerability in project naming strategy |
| CVE-2020-13693 | unknown | — | 1.0 | | | | 4y ago | bbPress unauthenticated privilege-escalation |
| CVE-2020-10963 | unknown | — | 1.0 | | | | 4y ago | FrozenNode Laravel-Administrator unrestricted file upload |
| CVE-2020-8819 | unknown | — | 1.0 | | | | 4y ago | CardGate Payments plugin for WooCommerce does not validate request origin |
| CVE-2020-7934 | unknown | — | 1.0 | | | | 4y ago | Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet |
| CVE-2020-2096 | unknown | — | 1.0 | | | | 4y ago | Reflected XSS vulnerability in Jenkins gitlab-hook Plugin |
| CVE-2020-5504 | unknown | — | 1.0 | | | | 4y ago | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this … |
| CVE-2020-27955 | unknown | — | 1.0 | | | | 4y ago | Git LFS 2.12.0 allows Remote Code Execution. |
| CVE-2020-28337 | unknown | — | 1.0 | | | | 4y ago | Zip slip in Microweber |
| CVE-2020-13951 | unknown | — | 1.0 | | | | 4y ago | Denial of service in Apache OpenMeetings |
| CVE-2020-35476 | unknown | — | 1.0 | | | | 5y ago | OS Command Injection in OpenTSDB |
| CVE-2020-9283 | unknown | — | 1.0 | | | | 5y ago | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accept… |
| CVE-2020-7680 | unknown | — | 1.0 | | | | 5y ago | Cross-site Scripting in docsify |
| CVE-2020-15500 | unknown | — | 1.0 | | | | 5y ago | Cross-site scripting in TileServer GL |
| CVE-2020-28249 | unknown | — | 1.0 | | | | 5y ago | Cross-site scripting in Joplin |
| CVE-2020-15930 | unknown | — | 1.0 | | | | 5y ago | Cross-site Scripting in Joplin |
| CVE-2020-10596 | unknown | — | 1.0 | | | | 5y ago | Cross-site Scripting in OpenCart |
| CVE-2020-5811 | unknown | — | 1.0 | | | | 5y ago | Authenticated path traversal in Umbraco CMS |
| CVE-2020-7750 | unknown | — | 1.0 | | | | 6y ago | Cross-Site Scripting in scratch-svg-renderer |
| CVE-2020-9038 | unknown | — | 1.0 | | | | 6y ago | Cross-site Scripting in Joplin |
| CVE-2020-5295 | unknown | — | 1.0 | | | | 6y ago | Local File read vulnerability in OctoberCMS |
| CVE-2020-8163 | unknown | — | 1.0 | | | | 6y ago | There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE. |