📄️ CVE-2020-0618
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it inco
📄️ CVE-2020-1943
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 1
📄️ CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate
📄️ CVE-2020-2036
A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface.
📄️ CVE-2020-2096
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint
📄️ CVE-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail ob
📄️ CVE-2020-2140
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns fi
📄️ CVE-2020-2551
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core
📄️ CVE-2020-2733
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitor
📄️ CVE-2020-3187
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an
📄️ CVE-2020-3452
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an
📄️ CVE-2020-3580
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) So
📄️ CVE-2020-4463
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (X
📄️ CVE-2020-5191
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabiliti
📄️ CVE-2020-5192
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilitie
📄️ CVE-2020-5284
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft specia
📄️ CVE-2020-5307
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by
📄️ CVE-2020-5405
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsuppo
📄️ CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsuppo
📄️ CVE-2020-5412
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupp
📄️ CVE-2020-5775
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to ca
📄️ CVE-2020-5776
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via php
📄️ CVE-2020-5777
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing defa
📄️ CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution.
📄️ CVE-2020-5902
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11
📄️ CVE-2020-6171
A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management cons
📄️ CVE-2020-6207
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check
📄️ CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform
📄️ CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows a
📄️ CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of i
📄️ CVE-2020-6950
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via th
📄️ CVE-2020-7107
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/Display
📄️ CVE-2020-7136
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote
📄️ CVE-2020-7209
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.
📄️ CVE-2020-7318
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 all
📄️ CVE-2020-7796
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed an
📄️ CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics AP
📄️ CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to
📄️ CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field wi
📄️ CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script
📄️ CVE-2020-8163
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacke
📄️ CVE-2020-8191
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1
📄️ CVE-2020-8193
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.
📄️ CVE-2020-8194
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12
📄️ CVE-2020-8209
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 b
📄️ CVE-2020-8497
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file
📄️ CVE-2020-8512
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
📄️ CVE-2020-8515
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.
📄️ CVE-2020-8615
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker ap
📄️ CVE-2020-8641
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal
📄️ CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
📄️ CVE-2020-8654
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges c
📄️ CVE-2020-8771
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request conta
📄️ CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_m
📄️ CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell
📄️ CVE-2020-8982
An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones
📄️ CVE-2020-9036
Jeedom through 4.0.38 allows XSS.
📄️ CVE-2020-9043
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
📄️ CVE-2020-9047
A vulnerability exists that could allow the execution of unauthorized code or operating system comma
📄️ CVE-2020-9054
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-au
📄️ CVE-2020-9315
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Contr
📄️ CVE-2020-9344
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
📄️ CVE-2020-9376
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1
📄️ CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untruste
📄️ CVE-2020-9425
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacke
📄️ CVE-2020-9483
**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL
📄️ CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.
📄️ CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache O
📄️ CVE-2020-9757
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads t
📄️ CVE-2020-10148
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacke
📄️ CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
📄️ CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via
📄️ CVE-2020-10546
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Be
📄️ CVE-2020-10547
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injecti
📄️ CVE-2020-10548
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by d
📄️ CVE-2020-10549
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by
📄️ CVE-2020-10770
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an
📄️ CVE-2020-10973
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 a
📄️ CVE-2020-11034
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect prote
📄️ CVE-2020-11110
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl fiel
📄️ CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and oth
📄️ CVE-2020-11455
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a
📄️ CVE-2020-11529
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still
📄️ CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerabili
📄️ CVE-2020-11546
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language
📄️ CVE-2020-11547
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain informati
📄️ CVE-2020-11710
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessibl
📄️ CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) all
📄️ CVE-2020-11798
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1
📄️ CVE-2020-11853
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge
📄️ CVE-2020-11854
Arbitrary code execution vulnerability in Operation bridge Manager, Application Performance Managemen
📄️ CVE-2020-11930
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This require
📄️ CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vul
📄️ CVE-2020-11991
When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, includi
📄️ CVE-2020-12054
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a s
📄️ CVE-2020-12116
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an un
📄️ CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK W
📄️ CVE-2020-12127
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK
📄️ CVE-2020-12256
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user inp
📄️ CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user in
📄️ CVE-2020-12447
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote u
📄️ CVE-2020-12478
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root.
📄️ CVE-2020-12720
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access con
📄️ CVE-2020-12800
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unr
📄️ CVE-2020-13117
Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject
📄️ CVE-2020-13121
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login
📄️ CVE-2020-13158
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.deta
📄️ CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlog
📄️ CVE-2020-13258
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter
📄️ CVE-2020-13379
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This v
📄️ CVE-2020-13405
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthentica
📄️ CVE-2020-13483
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] paramete
📄️ CVE-2020-13638
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to admi
📄️ CVE-2020-13700
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an inse
📄️ CVE-2020-13820
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET req
📄️ CVE-2020-13851
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
📄️ CVE-2020-13927
The previous default setting for Airflow's Experimental API was to allow all API requests without au
📄️ CVE-2020-13937
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6
📄️ CVE-2020-13942
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This
📄️ CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rul
📄️ CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
📄️ CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code executi
📄️ CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers t
📄️ CVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerat
📄️ CVE-2020-14408
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in
📄️ CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.p
📄️ CVE-2020-14750
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)
📄️ CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middle
📄️ CVE-2020-14882
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)
📄️ CVE-2020-14883
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)
📄️ CVE-2020-15050
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers c
📄️ CVE-2020-15129
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vuln
📄️ CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application
📄️ CVE-2020-15227
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to a code inject
📄️ CVE-2020-15500
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET para
📄️ CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier,
📄️ CVE-2020-15568
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. T
📄️ CVE-2020-15867
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. Th
📄️ CVE-2020-15895
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/
📄️ CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve
📄️ CVE-2020-16139
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows atta
📄️ CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API
📄️ CVE-2020-16952
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to c
📄️ CVE-2020-17362
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
📄️ CVE-2020-17453
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
📄️ CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to t
📄️ CVE-2020-17463
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /n
📄️ CVE-2020-17496
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax
📄️ CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the serv
📄️ CVE-2020-17506
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web bac
📄️ CVE-2020-17518
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra
📄️ CVE-2020-17519
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack
📄️ CVE-2020-17526
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default conf
📄️ CVE-2020-17530
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code
📄️ CVE-2020-18268
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive informatio
📄️ CVE-2020-19282
A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arb
📄️ CVE-2020-19283
A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 al
📄️ CVE-2020-19295
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 a
📄️ CVE-2020-19360
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attac
📄️ CVE-2020-19515
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
📄️ CVE-2020-19625
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3,
📄️ CVE-2020-20285
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header
📄️ CVE-2020-20300
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
📄️ CVE-2020-20982
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitr
📄️ CVE-2020-20988
A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod
📄️ CVE-2020-21012
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection
📄️ CVE-2020-21224
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker
📄️ CVE-2020-22208
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
📄️ CVE-2020-22209
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
📄️ CVE-2020-22210
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
📄️ CVE-2020-22211
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
📄️ CVE-2020-22840
Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform
📄️ CVE-2020-23015
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter 'url' in lo
📄️ CVE-2020-23517
Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before all
📄️ CVE-2020-23575
A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploita
📄️ CVE-2020-23697
Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php.
📄️ CVE-2020-23972
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function wit
📄️ CVE-2020-24148
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 fo
📄️ CVE-2020-24186
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for W
📄️ CVE-2020-24223
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.
📄️ CVE-2020-24312
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups dire
📄️ CVE-2020-24391
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsa
📄️ CVE-2020-24550
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users
📄️ CVE-2020-24571
NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
📄️ CVE-2020-24579
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An u
📄️ CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Exter
📄️ CVE-2020-24701
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite
📄️ CVE-2020-24902
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validati
📄️ CVE-2020-24903
Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper
📄️ CVE-2020-24912
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in pro
📄️ CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not
📄️ CVE-2020-25078
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices
📄️ CVE-2020-25213
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload
📄️ CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.
📄️ CVE-2020-25495
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 an
📄️ CVE-2020-25506
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi compon
📄️ CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read
📄️ CVE-2020-25780
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and
📄️ CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to
📄️ CVE-2020-26153
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages
📄️ CVE-2020-26214
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an e
📄️ CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a r
📄️ CVE-2020-26248
In the PrestaShop module 'productcomments' before version 4.2.1, an attacker can use a Blind SQL inj
📄️ CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.
📄️ CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2
📄️ CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended pa
📄️ CVE-2020-26919
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function leve
📄️ CVE-2020-26948
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
📄️ CVE-2020-27191
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via craft
📄️ CVE-2020-27361
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitiv
📄️ CVE-2020-27467
A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter
📄️ CVE-2020-27481
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the
📄️ CVE-2020-27735
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the he
📄️ CVE-2020-27838
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fe
📄️ CVE-2020-27866
This vulnerability allows network-adjacent attackers to bypass authentication on affected installati
📄️ CVE-2020-27982
IceWarp 11.4.5.0 allows XSS via the language parameter.
📄️ CVE-2020-27986
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credential
📄️ CVE-2020-28185
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers
📄️ CVE-2020-28188
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticat
📄️ CVE-2020-28208
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat thro
📄️ CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated att
📄️ CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arb
📄️ CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticat
📄️ CVE-2020-29164
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
📄️ CVE-2020-29227
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a f
📄️ CVE-2020-29284
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input
📄️ CVE-2020-29395
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
📄️ CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.
📄️ CVE-2020-29583
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchange
📄️ CVE-2020-29597
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vul
📄️ CVE-2020-35234
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploit
📄️ CVE-2020-35338
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Serve
📄️ CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the
📄️ CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File U
📄️ CVE-2020-35580
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote
📄️ CVE-2020-35598
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/
📄️ CVE-2020-35713
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary command
📄️ CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.p
📄️ CVE-2020-35736
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traver
📄️ CVE-2020-35749
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simpl
📄️ CVE-2020-35774
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.1
📄️ CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
📄️ CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword func
📄️ CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword functi
📄️ CVE-2020-35951
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows u
📄️ CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2
📄️ CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2
📄️ CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovodite
📄️ CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.
📄️ CVE-2020-36112
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based
📄️ CVE-2020-36289
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerat
📄️ CVE-2020-36365
Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache,
📄️ CVE-2020-36510
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before output