2020 CVE Vulnerabilities
21,060 CVEs published in 2020.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-37256 | MEDIUM | 5.1 | 0.2% | Jun 25, 2026 | Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security config... |
| CVE-2020-9713 | MEDIUM | 5.5 | 0.2% | Jun 23, 2026 | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.3... |
| CVE-2020-9711 | MEDIUM | 5.5 | 0.2% | Jun 23, 2026 | Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an ou... |
| CVE-2020-37248 | MEDIUM | 6.5 | 0.2% | Jun 8, 2026 | OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS... |
| CVE-2020-25900 | MEDIUM | 5.3 | 0.2% | Jun 5, 2026 | HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or... |
| CVE-2020-37246 | MEDIUM | 6.9 | 0.7% | May 16, 2026 | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and d... |
| CVE-2020-37241 | MEDIUM | 6.9 | 0.1% | May 16, 2026 | bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative a... |
| CVE-2020-37240 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrat... |
| CVE-2020-37238 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content... |
| CVE-2020-37237 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to... |
| CVE-2020-37236 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrat... |
| CVE-2020-37235 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows auth... |
| CVE-2020-37234 | MEDIUM | 6.9 | 0.1% | May 16, 2026 | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local ... |
| CVE-2020-37233 | MEDIUM | 5.1 | 0.2% | May 16, 2026 | WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated att... |
| CVE-2020-37225 | MEDIUM | 5.1 | 0.2% | May 13, 2026 | Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated att... |
| CVE-2020-37222 | MEDIUM | 5.1 | 0.3% | May 13, 2026 | Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inje... |
| CVE-2020-37217 | MEDIUM | 5.1 | 0.1% | May 13, 2026 | Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts... |
| CVE-2020-37174 | MEDIUM | 4.8 | 0.3% | May 13, 2026 | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenti... |
| CVE-2020-37169 | MEDIUM | 6.8 | 0.2% | May 13, 2026 | WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers... |
| CVE-2020-37215 | MEDIUM | 4.6 | 0.2% | Feb 11, 2026 | MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the applica... |
| CVE-2020-37213 | MEDIUM | 6.7 | 0.2% | Feb 11, 2026 | TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sendi... |
| CVE-2020-37212 | MEDIUM | 4.6 | 0.3% | Feb 11, 2026 | SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to c... |
| CVE-2020-37211 | MEDIUM | 4.6 | 0.3% | Feb 11, 2026 | SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a larg... |
| CVE-2020-37210 | MEDIUM | 4.6 | 0.3% | Feb 11, 2026 | SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the... |
| CVE-2020-37209 | MEDIUM | 4.6 | 0.3% | Feb 11, 2026 | SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to... |
Check if your code is affected by 2020 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now