2020 CVEs
21060 CVEs published in 2020. 2720 critical, 8116 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-8974 | Critical | 10.0 | 2022-10-17 | In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker… |
| CVE-2020-10640 | Critical | 10.0 | 2022-02-24 | Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run arbitrary commands with system privileges or perform remote code execution via a… |
| CVE-2020-12030 | Critical | 10.0 | 2021-09-29 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the… |
| CVE-2020-7388 | Critical | 10.0 | 2021-07-22 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can b… |
| CVE-2020-4561 | Critical | 10.0 | 2021-06-01 | IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access… |
| CVE-2020-14516 | Critical | 10.0 | 2021-03-18 | In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm w… |
| CVE-2020-6779 | Critical | 10.0 | 2021-01-26 | Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remo… |
| CVE-2020-29495 | Critical | 10.0 | 2021-01-14 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could p… |
| CVE-2020-29493 | Critical | 10.0 | 2021-01-14 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potential… |
| CVE-2020-29492 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2020-29491 | Critical | 10.0 | 2021-01-04 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit th… |
| CVE-2020-36157 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of… |
| CVE-2020-36155 | Critical | 10.0 | 2021-01-04 | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could su… |
| CVE-2020-35949 | Critical | 10.0 | 2021-01-01 | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary… |
| CVE-2020-26282 | Critical | 10.0 | 2020-12-24 | BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works we… |
| CVE-2020-25066 | Critical | 10.0 | 2020-12-22 | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possib… |
| CVE-2020-12522 | Critical | 10.0 | 2020-12-17 | The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-8… |
| CVE-2020-26276 | Critical | 10.0 | 2020-12-17 | Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutate… |
| CVE-2020-35489 | Critical | 10.0 | 2020-12-17 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may cont… |
| CVE-2020-26829 | Critical | 10.0 | 2020-12-09 | SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missin… |