2020 CVEs

21060 CVEs published in 2020. 2720 critical, 8116 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2020
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-8974 | Critical | 10.0 | 2022-10-17 | In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker… |
| CVE-2020-10640 | Critical | 10.0 | 2022-02-24 | Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a… |
| CVE-2020-12030 | Critical | 10.0 | 2021-09-29 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the… |
| CVE-2020-7388 | Critical | 10.0 | 2021-07-22 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can b… |
| CVE-2020-4561 | Critical | 10.0 | 2021-06-01 | IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access… |
| CVE-2020-14516 | Critical | 10.0 | 2021-03-18 | In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm w… |
| CVE-2020-6779 | Critical | 10.0 | 2021-01-26 | Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remo… |
| CVE-2020-29495 | Critical | 10.0 | 2021-01-14 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could p… |
| CVE-2020-29493 | Critical | 10.0 | 2021-01-14 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potential… |
| CVE-2020-29492 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2020-29491 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2020-36157 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of… |
| CVE-2020-36155 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could su… |
| CVE-2020-35949 | Critical | 10.0 | 2021-01-01 | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary… |
| CVE-2020-26282 | Critical | 10.0 | 2020-12-24 | BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works we… |
| CVE-2020-25066 | Critical | 10.0 | 2020-12-22 | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possib… |
| CVE-2020-12522 | Critical | 10.0 | 2020-12-17 | The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-8… |
| CVE-2020-26276 | Critical | 10.0 | 2020-12-17 | Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutate… |
| CVE-2020-35489 | Critical | 10.0 | 2020-12-17 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may cont… |
| CVE-2020-26829 | Critical | 10.0 | 2020-12-09 | SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missin… |