CVEs from 2020
- Total: 3,795
- Critical: 206
- High: 563
- Medium: 745
- Low: 59
- % Critical: 5.4%
- % with KEV: 3.8%
- % with exploit: 5.4%
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2318 | unknown | — | — | 4y ago | Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin | |||
| CVE-2020-2317 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins FindBugs Plugin | |||
| CVE-2020-2319 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin | |||
| CVE-2020-2316 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin | |||
| CVE-2020-2309 | unknown | — | — | 4y ago | Missing authorization in Jenkins Kubernetes Plugin | |||
| CVE-2020-2315 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Visualworks Store Plugin | |||
| CVE-2020-2314 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins AppSpider Plugin | |||
| CVE-2020-2313 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs | |||
| CVE-2020-2308 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Kubernetes Plugin | |||
| CVE-2020-2310 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs | |||
| CVE-2020-2311 | unknown | — | — | 4y ago | Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration | |||
| CVE-2020-2312 | unknown | — | — | 4y ago | Password written to the build log by Jenkins SQLPlus Script Runner Plugin | |||
| CVE-2020-2307 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin | |||
| CVE-2020-2300 | unknown | — | — | 4y ago | Improper Authentication (empty password) in Jenkins Active Directory Plugin | |||
| CVE-2020-2303 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Active Directory Plugin | |||
| CVE-2020-2305 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Mercurial Plugin | |||
| CVE-2020-2299 | unknown | — | — | 4y ago | Improper Authentication in Jenkins Active Directory Plugin | |||
| CVE-2020-2301 | unknown | — | — | 4y ago | Authentication cache in Active Directory Jenkins Plugin allows logging in with any password | |||
| CVE-2020-2304 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Subversion Plugin | |||
| CVE-2020-2302 | unknown | — | — | 4y ago | Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page | |||
| CVE-2020-2306 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Mercurial Plugin | |||
| CVE-2020-26211 | unknown | — | — | 4y ago | Bookstack Cross-site Scripting vulnerability | |||
| CVE-2020-25689 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in WildFly | |||
| CVE-2020-15703 | unknown | — | — | 4y ago | aptdaemon Information Disclosure via Improper Input Validation in Transaction class | |||
| CVE-2020-24710 | unknown | — | — | 4y ago | Gophish vulnerable to Server-Side Request Forgery in github.com/gophish/gophish | |||
| CVE-2020-27388 | unknown | — | — | 4y ago | YOURLS Stored Cross Site Scripting (XSS) | |||
| CVE-2020-1915 | unknown | — | — | 4y ago | Out-of-bounds Read in Facebook Hermes | |||
| CVE-2020-10721 | unknown | — | — | 4y ago | fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution | |||
| CVE-2020-24408 | unknown | — | — | 4y ago | Magento 2 Community Edition XSS Vulnerability | |||
| CVE-2020-26934 | unknown | — | — | 4y ago | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | |||
| CVE-2020-26935 | unknown | — | — | 4y ago | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feat… | |||
| CVE-2020-25263 | unknown | — | — | 4y ago | PyroCMS Vulnerable to CSRF | |||
| CVE-2020-2295 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Maven Cascade Release Plugin | |||
| CVE-2020-2294 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Maven Cascade Release Plugin | |||
| CVE-2020-2297 | unknown | — | — | 4y ago | Access token stored in plain text by Jenkins SMS Notification Plugin | |||
| CVE-2020-25262 | unknown | — | — | 4y ago | PyroCMS Vulnerable to CSRF | |||
| CVE-2020-2298 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Nerrvana Plugin | |||
| CVE-2020-2289 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |||
| CVE-2020-2293 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Persona Plugin | |||
| CVE-2020-2290 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |||
| CVE-2020-2291 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins couchdb-statistics Plugin | |||
| CVE-2020-2286 | unknown | — | — | 4y ago | Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin | |||
| CVE-2020-2292 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Release Plugin | |||
| CVE-2020-2296 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Shared Objects Plugin | |||
| CVE-2020-1914 | unknown | — | — | 4y ago | Always-Incorrect Control Flow Implementation in Facebook Hermes | |||
| CVE-2020-2288 | unknown | — | — | 4y ago | Incorrect default pattern in Jenkins Audit Trail Plugin | |||
| CVE-2020-25644 | unknown | — | — | 4y ago | Wildfly-OpenSSL memory leak flaw | |||
| CVE-2020-26523 | unknown | — | — | 4y ago | Froala WYSIWYG Editor XSS Vulnerability | |||
| CVE-2020-25830 | unknown | — | — | 4y ago | MantisBT HTML Injection vulnerability | |||
| CVE-2020-25781 | unknown | — | — | 4y ago | MantisBT unauthorized users able to access private files | |||
| CVE-2020-25288 | unknown | — | — | 4y ago | MantisBT XSS where a Custom Field with a crafted Regular Expression property is used | |||
| CVE-2020-25814 | unknown | — | — | 4y ago | MediaWiki Cross-site Scripting (XSS) vulnerability | |||
| CVE-2020-25815 | unknown | — | — | 4y ago | MediaWiki Cross-site Scripting (XSS) vulnerability | |||
| CVE-2020-25827 | unknown | — | — | 4y ago | OATHAuth extension in MediaWiki is not implementing rate limit | |||
| CVE-2020-25828 | unknown | — | — | 4y ago | MediaWiki Cross-site Scripting (XSS) vulnerability | |||
| CVE-2020-25813 | unknown | — | — | 4y ago | MediaWiki Special:UserRights exposes the existence of hidden users | |||
| CVE-2020-25812 | unknown | — | — | 4y ago | MediaWiki Cross-site Scripting (XSS) vulnerability | |||
| CVE-2020-15840 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Bypass via Double Encoded URL | |||
| CVE-2020-2284 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Liquibase Runner Plugin | |||
| CVE-2020-2280 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins warnings Plugin allows remote code execution | |||
| CVE-2020-2281 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Lockable Resources Plugin | |||
| CVE-2020-2279 | unknown | — | — | 4y ago | Sandbox bypass vulnerability in Jenkins Script Security Plugin | |||
| CVE-2020-2285 | unknown | — | — | 4y ago | Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs | |||
| CVE-2020-2283 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Liquibase Runner Plugin | |||
| CVE-2020-2282 | unknown | — | — | 4y ago | Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin | |||
| CVE-2020-7734 | unknown | — | — | 4y ago | All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. | |||
| CVE-2020-25750 | unknown | — | — | 4y ago | DotPlant2 Improper Restriction of XML External Entity Reference | |||
| CVE-2020-2277 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Jenkins Storable Configs Plugin | |||
| CVE-2020-2278 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Storable Configs Plugin | |||
| CVE-2020-2276 | unknown | — | — | 4y ago | System command execution vulnerability in Selection tasks Jenkins Plugin | |||
| CVE-2020-2272 | unknown | — | — | 4y ago | Missing permission checks in Jenkins ElasTest Plugin | |||
| CVE-2020-2275 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin | |||
| CVE-2020-2274 | unknown | — | — | 4y ago | Passwords stored in plain text by ElasTest Plugin | |||
| CVE-2020-2273 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins ElasTest Plugin | |||
| CVE-2020-2268 | unknown | — | — | 4y ago | CSRF vulnerability in MongoDB Plugin | |||
| CVE-2020-2265 | unknown | — | — | 4y ago | Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin | |||
| CVE-2020-2269 | unknown | — | — | 4y ago | Stored XSS vulnerability in chosen-views-tabbar Plugin | |||
| CVE-2020-2264 | unknown | — | — | 4y ago | Stored XSS vulnerability in Custom Job Icon Plugin | |||
| CVE-2020-2267 | unknown | — | — | 4y ago | Missing permission checks in MongoDB Plugin | |||
| CVE-2020-2270 | unknown | — | — | 4y ago | Stored XSS vulnerability in ClearCase Release Plugin | |||
| CVE-2020-2266 | unknown | — | — | 4y ago | Stored XSS vulnerability in Description Column Plugin | |||
| CVE-2020-2260 | unknown | — | — | 4y ago | Missing permission check in Perfecto Plugin | |||
| CVE-2020-2271 | unknown | — | — | 4y ago | Stored XSS vulnerability in Locked Files Report Plugin | |||
| CVE-2020-2261 | unknown | — | — | 4y ago | OS command execution vulnerability in Perfecto Plugin | |||
| CVE-2020-2259 | unknown | — | — | 4y ago | Stored XSS vulnerability in computer-queue-plugin Plugin | |||
| CVE-2020-2258 | unknown | — | — | 4y ago | Incorrect permission check in Health Advisor by CloudBees Plugin | |||
| CVE-2020-2256 | unknown | — | — | 4y ago | Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name | |||
| CVE-2020-2262 | unknown | — | — | 4y ago | Stored XSS vulnerability in android-lint Plugin | |||
| CVE-2020-2252 | unknown | — | — | 4y ago | Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin | |||
| CVE-2020-2255 | unknown | — | — | 4y ago | Missing permission check in Blue Ocean Plugin | |||
| CVE-2020-2257 | unknown | — | — | 4y ago | Stored XSS vulnerability in Validating String Parameter Plugin | |||
| CVE-2020-2263 | unknown | — | — | 4y ago | Stored XSS vulnerability in Radiator View Plugin | |||
| CVE-2020-2253 | unknown | — | — | 4y ago | Missing hostname validation in Email Extension Plugin | |||
| CVE-2020-2254 | unknown | — | — | 4y ago | Path traversal vulnerability in Blue Ocean Plugin | |||
| CVE-2020-1913 | unknown | — | — | 4y ago | Signed to Unsigned Conversion Error in Facebook Hermes | |||
| CVE-2020-1912 | unknown | — | — | 4y ago | Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes | |||
| CVE-2020-1911 | unknown | — | — | 4y ago | Access of Resource Using Incompatible Type in Facebook Hermes | |||
| CVE-2020-24940 | unknown | — | — | 4y ago | An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | |||
| CVE-2020-25102 | unknown | — | — | 4y ago | silverstripe-advancedreports vulnerable to XSS | |||
| CVE-2020-23814 | unknown | — | — | 4y ago | xxl-job Multiple cross-site scripting (XSS) vulnerabilities |