2020 CVE Vulnerabilities
21,060 CVEs published in 2020.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-37256 | MEDIUM | 5.1 | 0.2% | Jun 25, 2026 | Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security config... |
| CVE-2020-9713 | MEDIUM | 5.5 | 0.2% | Jun 23, 2026 | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.3... |
| CVE-2020-9711 | MEDIUM | 5.5 | 0.2% | Jun 23, 2026 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an ou... |
| CVE-2020-9695 | HIGH | 7.8 | 0.2% | Jun 23, 2026 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an ou... |
| CVE-2020-37255 | HIGH | 8.7 | 0.4% | Jun 20, 2026 | WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attack... |
| CVE-2020-37254 | HIGH | 8.5 | 0.1% | Jun 19, 2026 | Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppS... |
| CVE-2020-37253 | HIGH | 8.5 | 0.1% | Jun 19, 2026 | Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attac... |
| CVE-2020-37252 | HIGH | 8.5 | 0.1% | Jun 19, 2026 | Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows loca... |
| CVE-2020-37251 | HIGH | 8.5 | 0.1% | Jun 19, 2026 | RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows lo... |
| CVE-2020-37250 | HIGH | 8.5 | 0.1% | Jun 19, 2026 | TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows lo... |
| CVE-2020-2521 | — | — | — | Jun 12, 2026 | Rejected reason: This candidate was issued in error. |
| CVE-2020-37248 | MEDIUM | 6.5 | 0.2% | Jun 8, 2026 | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS... |
| CVE-2020-25900 | MEDIUM | 5.3 | 0.2% | Jun 5, 2026 | HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or... |
| CVE-2020-37247 | HIGH | 8.5 | 0.1% | May 16, 2026 | Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local att... |
| CVE-2020-37246 | MEDIUM | 6.9 | 0.7% | May 16, 2026 | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and d... |
| CVE-2020-37245 | HIGH | 8.7 | 0.5% | May 16, 2026 | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attac... |
| CVE-2020-37244 | HIGH | 8.8 | 0.3% | May 16, 2026 | Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbi... |
| CVE-2020-37243 | HIGH | 8.8 | 0.3% | May 16, 2026 | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenti... |
| CVE-2020-37242 | HIGH | 8.8 | 0.3% | May 16, 2026 | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute ... |
| CVE-2020-37241 | MEDIUM | 6.9 | 0.1% | May 16, 2026 | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative a... |
| CVE-2020-37240 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrat... |
| CVE-2020-37239 | CRITICAL | 9.3 | 0.5% | May 16, 2026 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety check... |
| CVE-2020-37238 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content... |
| CVE-2020-37237 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to... |
| CVE-2020-37236 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrat... |
Check if your code is affected by 2020 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now