CVEs from 2020
- Total: 4,781
- Critical: 193
- High: 470
- Medium: 675
- Low: 56
- % Critical: 4.0%
- % with KEV: 3.1%
- % with exploit: 3.1%

Top products
- banking_digital_experience 30
- retail_xstore_point_of_service 28
- primavera_unifier 27
- retail_service_backbone 15
- financial_services_institutional_performance_analytics 10
- communications_network_charging_and_control 10
- communications_contacts_server 9
- agile_plm 8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-12626 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | |
| CVE-2020-12625 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | |
| CVE-2020-18671 | unknown | — | — | — | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | |
| CVE-2020-15562 | unknown | — | — | — | An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in th… | |
| CVE-2020-21485 | unknown | — | — | 3y ago | Alluxio Cross Site Scripting vulnerability | |
| CVE-2020-22755 | unknown | — | — | 3y ago | MCMS vulnerable to arbitrary code execution via crafted thumbnail | |
| CVE-2020-7677 | unknown | — | — | 4y ago | thenify before 3.3.1 made use of unsafe calls to `eval`. | |
| CVE-2020-2275 | unknown | — | — | 4y ago | Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin | |
| CVE-2020-2270 | unknown | — | — | 4y ago | Stored XSS vulnerability in ClearCase Release Plugin | |
| CVE-2020-2262 | unknown | — | — | 4y ago | Stored XSS vulnerability in android-lint Plugin | |
| CVE-2020-2207 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins VncViewer Plugin | |
| CVE-2020-2148 | unknown | — | — | 4y ago | Missing permission checks in Mac Plugin | |
| CVE-2020-2127 | unknown | — | — | 4y ago | Credential stored in plain text by BMC Release Package and Deployment Plugin | |
| CVE-2020-13937 | unknown | — | — | 4y ago | Authentication bypass in Apache Kylin | |
| CVE-2020-12668 | unknown | — | — | 4y ago | Unauthorized access to Class instance in Jinjava | |
| CVE-2020-35213 | unknown | — | — | 5y ago | An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | |
| CVE-2020-12642 | unknown | — | — | 5y ago | XXE vulnerability in Launch import | |
| CVE-2020-10688 | unknown | — | — | 5y ago | Cross-site scripting in RESTEasy | |
| CVE-2020-1957 | unknown | — | — | 5y ago | Improper Authentication in Apache Shiro | |
| CVE-2020-25649 | unknown | — | — | 5y ago | XML External Entity (XXE) Injection in Jackson Databind | |
| CVE-2020-35922 | unknown | — | — | 6y ago | An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |
| CVE-2020-5408 | unknown | — | — | 6y ago | Insufficient Entropy in Spring Security | |
| CVE-2020-1929 | unknown | — | — | 6y ago | Improper Certificate Validation in Apache Beam | |
| CVE-2020-5289 | unknown | — | — | 6y ago | Read permissions not enforced for client provided filter expressions in Elide. | |