CVEs from 2020

| Metric | Value |
|---|---|
| Total | 3,795 |
| Critical | 206 |
| High | 563 |
| Medium | 745 |
| Low | 59 |
| % Critical | 5.4% |
| % with KEV | 3.8% |
| % with exploit | 5.4% |
Top vendors
- oracle 476
- schneider-electric 139
- siemens 103
- netapp 28
- arista 15
- rockwellautomation 9
- fasterxml 8
- kubernetes 8
Top products
- retail_xstore_point_of_service 33
- banking_digital_experience 30
- primavera_unifier 29
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 13
- insurance_policy_administration_j2ee 11
- communications_network_charging_and_control 10
- enterprise_manager_base_platform 10
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-9583 | unknown | — | — | 4y ago | Magento command injection vulnerability |
| CVE-2020-9582 | unknown | — | — | 4y ago | Magento command injection vulnerability |
| CVE-2020-9581 | unknown | — | — | 4y ago | Magento stored cross-site scripting vulnerability |
| CVE-2020-9578 | unknown | — | — | 4y ago | Magento command injection vulnerability |
| CVE-2020-9576 | unknown | — | — | 4y ago | Magento command injection vulnerability |
| CVE-2020-9580 | unknown | — | — | 4y ago | Magento security mitigation bypass vulnerability |
| CVE-2020-9577 | unknown | — | — | 4y ago | Magento stored cross-site scripting vulnerability |
| CVE-2020-9579 | unknown | — | — | 4y ago | Magento security mitigation bypass vulnerability |
| CVE-2020-10727 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in ActiveMQ Artemis |
| CVE-2020-15005 | unknown | — | — | 4y ago | img_auth.php may leak private extension images into the public cache |
| CVE-2020-15015 | unknown | — | — | 4y ago | GleamTech FileUltimate Cross-site Scripting |
| CVE-2020-13700 | unknown | — | — | 4y ago | acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation |
| CVE-2020-13157 | unknown | — | — | 4y ago | NukeViet Cross-Site Request Forgery (CSRF) |
| CVE-2020-13155 | unknown | — | — | 4y ago | NukeViet Cross-Site Request Forgery (CSRF) |
| CVE-2020-13156 | unknown | — | — | 4y ago | NukeViet Cross-Site Request Forgery (CSRF) |
| CVE-2020-10740 | unknown | — | — | 4y ago | WildFly Unsafe Deserialization Vulnerability |
| CVE-2020-5590 | unknown | — | — | 4y ago | EC-CUBE Directory traversal vulnerability |
| CVE-2020-14475 | unknown | — | — | 4y ago | Dolibarr reflected cross-site scripting (XSS) vulnerability |
| CVE-2020-14457 | unknown | — | — | 4y ago | Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost |
| CVE-2020-13961 | unknown | — | — | 4y ago | Improper Input Validation in strapi |
| CVE-2020-14443 | unknown | — | — | 4y ago | Dolibarr SQL injection vulnerability in accountancy/customer/card.php |
| CVE-2020-7932 | unknown | — | — | 4y ago | OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, … |
| CVE-2020-12827 | unknown | — | — | 4y ago | MJML vulnerable to path traversal |
| CVE-2020-14146 | unknown | — | — | 4y ago | KumbiaPHP Cross-site Scripting |
| CVE-2020-5411 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Spring Batch |
| CVE-2020-13444 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP fail to sanitize API data |
| CVE-2020-13445 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP vulnerable to arbitrary code execution |
| CVE-2020-10755 | unknown | — | — | 4y ago | An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16… |
| CVE-2020-1073 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability |
| CVE-2020-13980 | unknown | — | — | 4y ago | OpenCart Cross-site Scripting |
| CVE-2020-13868 | unknown | — | — | 4y ago | Comments plugin Cross-Site Request Forgery (CSRF) |
| CVE-2020-13870 | unknown | — | — | 4y ago | Comments plugin stored Cross-site Scripting (XSS) via an asset volume name |
| CVE-2020-13869 | unknown | — | — | 4y ago | Comments plugin stored Cross-site Scripting via a guest name |
| CVE-2020-2197 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin |
| CVE-2020-2192 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Swarm Plugin |
| CVE-2020-2200 | unknown | — | — | 4y ago | OS command injection vulnerability in Jenkins Play Framework Plugin |
| CVE-2020-2198 | unknown | — | — | 4y ago | Missing permission check in Jenkins Project Inheritance Plugin |
| CVE-2020-2199 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin |
| CVE-2020-2194 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins ECharts API Plugin |
| CVE-2020-2190 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin |
| CVE-2020-2193 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins ECharts API Plugin |
| CVE-2020-2191 | unknown | — | — | 4y ago | Improper permission checks in Jenkins Swarm Plugin |
| CVE-2020-2195 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Compact Columns Plugin |
| CVE-2020-2196 | unknown | — | — | 4y ago | Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection |
| CVE-2020-13764 | unknown | — | — | 4y ago | Gravity Forms plugin leaks hashed passwords |
| CVE-2020-10959 | unknown | — | — | 4y ago | MediaWiki Open Redirect vulnerability |
| CVE-2020-13633 | unknown | — | — | 4y ago | Fork CMS Cross-site Scripting Vulnerability |
| CVE-2020-13486 | unknown | — | — | 4y ago | Knock Knock plugin open redirection vulnerability |
| CVE-2020-10945 | unknown | — | — | 4y ago | Centreon Sensitive Data Exposure vulnerability |
| CVE-2020-13487 | unknown | — | — | 4y ago | bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section |
| CVE-2020-13485 | unknown | — | — | 4y ago | Knock Knock plugin IP whitelist bypass via an X-Forwarded-For HTTP header |
| CVE-2020-13458 | unknown | — | — | 4y ago | Image Resizer Cross-Site Request Forgery (CSRF) |
| CVE-2020-13459 | unknown | — | — | 4y ago | Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action |
| CVE-2020-7658 | unknown | — | — | 4y ago | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header pa… |
| CVE-2020-1065 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability |
| CVE-2020-1037 | unknown | — | — | 4y ago | ChakraCore Remote Code Execution Vulnerability |
| CVE-2020-10738 | unknown | — | — | 4y ago | Moodle vulnerable to RCE |
| CVE-2020-13241 | unknown | — | — | 4y ago | Microweber allows Unrestricted File Upload |
| CVE-2020-13239 | unknown | — | — | 4y ago | Dolibarr Stored Cross-site Scripting via file upload |
| CVE-2020-13226 | unknown | — | — | 4y ago | WSO2 API Manager vulnerable to SSRF |
| CVE-2020-13240 | unknown | — | — | 4y ago | Dolibarr Stored Cross-site Scripting |
| CVE-2020-13092 | unknown | — | — | 4y ago | ** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system cal… |
| CVE-2020-12889 | unknown | — | — | 4y ago | MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. |
| CVE-2020-1724 | unknown | — | — | 4y ago | Keycloak Insufficient Session Expiry |
| CVE-2020-1698 | unknown | — | — | 4y ago | Keycloak leaks sensitive information in logged exceptions |
| CVE-2020-12790 | unknown | — | — | 4y ago | SEOmatic for CraftCMS allows Server-Side Template Injection |
| CVE-2020-12760 | unknown | — | — | 4y ago | OpenNMS Horizon RCE via Unsafe Deserialization |
| CVE-2020-12692 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then … |
| CVE-2020-12691 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then … |
| CVE-2020-12689 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escala… |
| CVE-2020-12669 | unknown | — | — | 4y ago | Incorrect Authorization in Dolibarr |
| CVE-2020-2187 | unknown | — | — | 4y ago | Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin |
| CVE-2020-2181 | unknown | — | — | 4y ago | Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps |
| CVE-2020-2189 | unknown | — | — | 4y ago | RCE vulnerability in SCM Filter Jervis Plugin |
| CVE-2020-2188 | unknown | — | — | 4y ago | Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin |
| CVE-2020-2185 | unknown | — | — | 4y ago | Missing SSH host key validation in Jenkins Amazon EC2 Plugin |
| CVE-2020-2184 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins CVS Plugin |
| CVE-2020-2186 | unknown | — | — | 4y ago | CSRF vulnerability in Amazon EC2 Plugin |
| CVE-2020-2182 | unknown | — | — | 4y ago | Improper masking of some secrets in Jenkins Credentials Binding Plugin |
| CVE-2020-2183 | unknown | — | — | 4y ago | Improper permission checks in Jenkins Copy Artifact Plugin |
| CVE-2020-12439 | unknown | — | — | 4y ago | Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain |
| CVE-2020-10686 | unknown | — | — | 4y ago | Keycloak users may be able to remove MFA from other users' devices |
| CVE-2020-7645 | unknown | — | — | 4y ago | chrome-launcher subject to OS Command Injection |
| CVE-2020-12478 | unknown | — | — | 4y ago | TeamPass files are available without authentication |
| CVE-2020-12479 | unknown | — | — | 4y ago | TeamPass PHP arbitrary file include vulnerability |
| CVE-2020-12468 | unknown | — | — | 4y ago | Subrion CMS CSV injection via Export Language |
| CVE-2020-12469 | unknown | — | — | 4y ago | Subrion CMS PHP Object Injection |
| CVE-2020-1745 | unknown | — | — | 4y ago | Improper Authorization in Undertow |
| CVE-2020-1757 | unknown | — | — | 4y ago | Improper Input Validation in Undertow |
| CVE-2020-11883 | unknown | — | — | 4y ago | Divante vue-storefront-api and storefront-api disclose stack trace |
| CVE-2020-2180 | unknown | — | — | 4y ago | RCE vulnerability in Jenkins AWS SAM Plugin |
| CVE-2020-2178 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Parasoft Findings Plugin |
| CVE-2020-2177 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins Copr Plugin |
| CVE-2020-2179 | unknown | — | — | 4y ago | RCE vulnerability in Jenkins Yaml Axis Plugin |
| CVE-2020-11823 | unknown | — | — | 4y ago | Dolibarr stored Cross-site Scripting vulnerability |
| CVE-2020-11825 | unknown | — | — | 4y ago | Dolibarr Cross-Site Request Forgery Vulnerability |
| CVE-2020-9280 | unknown | — | — | 4y ago | SilverStripe folders migrated from 3.x may be unsafe to upload to |
| CVE-2020-0969 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability |
| CVE-2020-0970 | unknown | — | — | 4y ago | ChakraCore Remote Code Execution Vulnerability |
| CVE-2020-2176 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins useMango Runner Plugin |