ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-26006 | Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.p... | | |
CVE-2020-26007 | An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attacker... | E | |
CVE-2020-26008 | The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains ... | E | |
CVE-2020-26028 | An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access... | | |
CVE-2020-26029 | An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonati... | | |
CVE-2020-26030 | An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoin... | | |
CVE-2020-26031 | An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base draft... | | |
CVE-2020-26032 | An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversa... | | |
CVE-2020-26033 | An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and del... | | |
CVE-2020-26034 | An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is... | | |
CVE-2020-26035 | An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket.... | | |
CVE-2020-26037 | Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 be... | | |
CVE-2020-26041 | An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in inst... | E | |
CVE-2020-26042 | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index... | E | |
CVE-2020-26043 | An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php... | E | |
CVE-2020-26045 | FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting t... | E | |
CVE-2020-26046 | FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie steali... | E | |
CVE-2020-26048 | The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a m... | | |
CVE-2020-26049 | Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution... | E | |
CVE-2020-26050 | SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low pr... | E | |
CVE-2020-26051 | College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page f... | E | |
CVE-2020-26052 | Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabili... | | |
CVE-2020-26053 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-26061 | ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authenticatio... | E | |
CVE-2020-26062 | Cisco Integrated Management Controller Username Enumeration Vulnerability | | |
CVE-2020-26063 | Cisco Integrated Management Controller Software Authorization Bypass Vulnerability | | |
CVE-2020-26064 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote ... | | |
CVE-2020-26065 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a... | | |
CVE-2020-26066 | Cisco SD-WAN vManage Software XML External Entity Vulnerability | | |
CVE-2020-26067 | Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability | | |
CVE-2020-26068 | Cisco Telepresence CE Software and RoomOS Software Unauthorized Token Generation Vulnerability | | |
CVE-2020-26070 | Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability | | |
CVE-2020-26071 | Cisco SD-WAN vEdge Arbitrary File Creation Vulnerability | | |
CVE-2020-26072 | Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability | | |
CVE-2020-26073 | Cisco SD-WAN vManage Directory Traversal Vulnerability | | |
CVE-2020-26074 | Cisco SD-WAN vManage Privilege Escalation Vulnerability | | |
CVE-2020-26075 | Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability | | |
CVE-2020-26076 | Cisco IoT Field Network Director Information Disclosure Vulnerability | | |
CVE-2020-26077 | Cisco IoT Field Network Director Improper Access Control Vulnerability | | |
CVE-2020-26078 | Cisco IoT Field Network Director File Overwrite Vulnerability | | |
CVE-2020-26079 | Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability | | |
CVE-2020-26080 | Cisco IoT Field Network Director Improper Domain Access Control Vulnerability | | |
CVE-2020-26081 | Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities | | |
CVE-2020-26082 | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security A... | | |
CVE-2020-26083 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability | | |
CVE-2020-26084 | Cisco Edge Fog Fabric Resource Exposure Vulnerability | | |
CVE-2020-26085 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | | |
CVE-2020-26086 | Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability | | |
CVE-2020-26088 | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5... | S | |
CVE-2020-26097 | The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default cre... | E | |
CVE-2020-26098 | cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).... | | |
CVE-2020-26099 | cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).... | | |
CVE-2020-26100 | chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).... | | |
CVE-2020-26101 | In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).... | | |
CVE-2020-26102 | In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-5... | | |
CVE-2020-26103 | In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).... | | |
CVE-2020-26104 | In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).... | | |
CVE-2020-26105 | In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).... | | |
CVE-2020-26106 | cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-55... | | |
CVE-2020-26107 | cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).... | | |
CVE-2020-26108 | cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).... | | |
CVE-2020-26109 | cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package mod... | | |
CVE-2020-26110 | cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).... | | |
CVE-2020-26111 | cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).... | | |
CVE-2020-26112 | The email quota cache in cPanel before 90.0.10 allows overwriting of files.... | | |
CVE-2020-26113 | cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).... | | |
CVE-2020-26114 | cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).... | | |
CVE-2020-26115 | cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).... | | |
CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3... | E S | |
CVE-2020-26117 | In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS c... | S | |
CVE-2020-26118 | In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introdu... | | |
CVE-2020-26120 | XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is misha... | E S | |
CVE-2020-26121 | An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can i... | S | |
CVE-2020-26122 | Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administr... | | |
CVE-2020-26124 | openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, ... | E S | |
CVE-2020-26129 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.... | | |
CVE-2020-26130 | Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66.... | E | |
CVE-2020-26131 | Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta.... | E | |
CVE-2020-26132 | An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the defa... | | |
CVE-2020-26133 | An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the... | | |
CVE-2020-26134 | Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.... | S | |
CVE-2020-26135 | Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.... | S | |
CVE-2020-26136 | In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when usi... | E | |
CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as dem... | S | |
CVE-2020-26138 | In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validati... | E | |
CVE-2020-26139 | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to o... | S | |
CVE-2020-26140 | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, ... | | |
CVE-2020-26141 | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementa... | | |
CVE-2020-26142 | An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations t... | | |
CVE-2020-26143 | An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2... | | |
CVE-2020-26144 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 imple... | | |
CVE-2020-26145 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 imple... | S | |
CVE-2020-26146 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementa... | | |
CVE-2020-26147 | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reas... | S | |
CVE-2020-26148 | md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory,... | E S | |
CVE-2020-26149 | NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credenti... | S | |
CVE-2020-26150 | info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information... | | |
CVE-2020-26153 | A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages... | E S | |
CVE-2020-26154 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrate... | | |
CVE-2020-26155 | Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/... | E | |
CVE-2020-26156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-26157 | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This l... | | |
CVE-2020-26158 | Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature... | | |
CVE-2020-26159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed th... | R | |
CVE-2020-26160 | jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations w... | S | |
CVE-2020-26161 | In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modif... | | |
CVE-2020-26162 | Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow X... | | |
CVE-2020-26163 | BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result... | E S | |
CVE-2020-26164 | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send craf... | S | |
CVE-2020-26165 | qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/... | E | |
CVE-2020-26166 | The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote au... | | |
CVE-2020-26167 | In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete o... | | |
CVE-2020-26168 | The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and... | | |
CVE-2020-26171 | In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/att... | E | |
CVE-2020-26172 | Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an ... | E | |
CVE-2020-26173 | An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attac... | E | |
CVE-2020-26174 | tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and rest... | E | |
CVE-2020-26175 | In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in request... | E | |
CVE-2020-26176 | An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control che... | E | |
CVE-2020-26177 | In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out ... | E | |
CVE-2020-26178 | In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download work... | E | |
CVE-2020-26180 | Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported versi... | | |
CVE-2020-26181 | Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a p... | | |
CVE-2020-26182 | Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerabilit... | | |
CVE-2020-26183 | Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certa... | | |
CVE-2020-26184 | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation ... | S | |
CVE-2020-26185 | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.... | S | |
CVE-2020-26186 | Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulner... | | |
CVE-2020-26191 | Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A use... | | |
CVE-2020-26192 | Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non... | | |
CVE-2020-26193 | Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability.... | | |
CVE-2020-26194 | Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a ... | | |
CVE-2020-26195 | Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto... | | |
CVE-2020-26196 | Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation iss... | | |
CVE-2020-26197 | Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vuln... | | |
CVE-2020-26198 | Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting... | | |
CVE-2020-26199 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password... | | |
CVE-2020-26200 | A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insuffi... | | |
CVE-2020-26201 | Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (... | E | |
CVE-2020-26205 | XSS in Sal | S | |
CVE-2020-26207 | Unsafe deserialization in DatabaseSchemaViewer | S | |
CVE-2020-26208 | Heap-buffer-overflow in jhead | E S | |
CVE-2020-26210 | Cross-Site Scripting in BookStack | E S | |
CVE-2020-26211 | Cross-Site Scripting in BookStack | S | |
CVE-2020-26212 | Any GLPI CalDAV calendars is read-only for every authenticated user | E S | |
CVE-2020-26213 | Denial of Service in teler | S | |
CVE-2020-26214 | LDAP authentication bypass in Alerta | S | |
CVE-2020-26215 | Open redirect in Jupyter Notebook | S | |
CVE-2020-26216 | Cross-Site Scripting in TYPO3 Fluid | E S | |
CVE-2020-26217 | Remote Code Execution in XStream | E S | |
CVE-2020-26218 | HTML Injection in touchbase.ai | | |
CVE-2020-26219 | Open Redirect in touchbase.ai | | |
CVE-2020-26220 | Information exposure in touchbase.ai | S | |
CVE-2020-26221 | Stored Cross Site Scripting in touchbase.ai | | |
CVE-2020-26222 | Remote code execution in dependabot-core | E S | |
CVE-2020-26223 | Authorization bypass in Spree | E S | |
CVE-2020-26224 | Improper Access Control in PrestaShop | E | |
CVE-2020-26225 | Reflected XSS in PrestaShop Product Comments | S | |
CVE-2020-26226 | Secret disclosure in semantic-release | S | |
CVE-2020-26227 | Cross-Site Scripting in Fluid view helpers | E | |
CVE-2020-26228 | Cleartext storage of session identifier | | |
CVE-2020-26229 | XML External Entity in Dashboard Widget | | |
CVE-2020-26230 | Deanonymization of COVID-19 positive users of Radar COVID | E S | |
CVE-2020-26231 | Bypass of fix for CVE-2020-15247, Twig sandbox escape | S | |
CVE-2020-26232 | Open redirect in Jupyter Server | S | |
CVE-2020-26233 | Remote Code Execution in Git Credential Manager Core | E S | |
CVE-2020-26234 | Disabled Hostname Verification in OpenCast | S | |
CVE-2020-26235 | Segmentation fault in Rust time crate | S | |
CVE-2020-26236 | Verification Code Hijacking in ScratchVerifier | S | |
CVE-2020-26237 | Prototype Pollution in highlight.js | S | |
CVE-2020-26238 | Critical vulnerability found in cron-utils | E S | |
CVE-2020-26239 | Cross-Site Scripting in Scratch browser addons | S | |
CVE-2020-26240 | Erroneous Proof of Work calculation in geth | S | |
CVE-2020-26241 | Shallow copy bug in geth | | |
CVE-2020-26242 | Denial of service in geth | | |
CVE-2020-26243 | Memory leak in nanopb | E S | |
CVE-2020-26244 | Cryptographic issues in Python oic | S | |
CVE-2020-26245 | Prototype Pollution leading to Command Injection in systeminformation | S | |
CVE-2020-26246 | Authorization bypass in Pimcore | S | |
CVE-2020-26247 | XXE in Nokogiri | S | |
CVE-2020-26248 | Blind SQL injection during the CommentGrade process | E S | |
CVE-2020-26249 | Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2020-26250 | Base class whitelist configuration ignored in OAuthenticator | S | |
CVE-2020-26251 | CORS configuration is possibly vulnerable | S | |
CVE-2020-26252 | Layout XML RCE Vulnerability in OpenMage | S | |
CVE-2020-26253 | .dev domains treated as local in Kirby | S | |
CVE-2020-26254 | omniauth-apple allows attacker to fake their email address during authentication | E S | |
CVE-2020-26255 | PHP Phar archives could be uploaded and executed in Kirby | S | |
CVE-2020-26256 | Denial of service in fast-csv | E S | |
CVE-2020-26257 | Denial of service attack via incorrect parameters to federation APIs | S | |
CVE-2020-26258 | Server-Side Forgery Request can be activated unmarshalling with XStream | E M | |
CVE-2020-26259 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling | E M | |
CVE-2020-26260 | Server Side Request Forgery in BookStack | | |
CVE-2020-26261 | user-readable api tokens in systemd units | S | |
CVE-2020-26262 | Loopback bypass in Coturn | E S | |
CVE-2020-26263 | RSA vulnerability in tlslite-ng | E S | |
CVE-2020-26264 | LES Server DoS via GetProofsV2 | S | |
CVE-2020-26265 | Consensus flaw during block processing | | |
CVE-2020-26266 | Uninitialized memory access in Eigen types in TensorFlow | E S | |
CVE-2020-26267 | Lack of validation in data format attributes in TensorFlow | E S | |
CVE-2020-26268 | Write to immutable memory region in TensorFlow | E S | |
CVE-2020-26269 | Heap out of bounds read in filesystem glob matching in TensorFlow | E S | |
CVE-2020-26270 | CHECK-fail in LSTM with zero-length input in TensorFlow | S | |
CVE-2020-26271 | Heap out of bounds access in MakeEdge in TensorFlow | E S | |
CVE-2020-26272 | Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs | S | |
CVE-2020-26273 | sqlite ATTACH allows some filesystem access | E S | |
CVE-2020-26274 | Command Injection Vulnerability in systeminformation | S | |
CVE-2020-26275 | Open redirect vulnerability | E S | |
CVE-2020-26276 | SAML authentication vulnerability in Fleet | S | |
CVE-2020-26277 | Arbitrary read/write in DBdeployer | S | |
CVE-2020-26278 | Weave Net Pods running in host PID namespace can be used to escalate other Kubernetes vulnerabilities | S | |
CVE-2020-26279 | Path traversal | S | |
CVE-2020-26280 | XSS in OpenSlides | S | |
CVE-2020-26281 | request smuggling in async-h1 | | |
CVE-2020-26282 | Template Injection in BrowserUp Proxy | E S | |
CVE-2020-26283 | Control character injection in console output | S | |
CVE-2020-26284 | Hugo can execute a binary from the current directory on Windows | E S | |
CVE-2020-26285 | Widget instances allows a hacker to inject an executable file on the server on OpenMage | S | |
CVE-2020-26286 | Arbitrary file upload | S | |
CVE-2020-26287 | Stored XSS in mermaid diagrams | E S | |
CVE-2020-26288 | Parse Server stores password in plain text | S | |
CVE-2020-26289 | Regular expression Denial of Service in date-and-time | S | |
CVE-2020-26290 | Critical security issues in XML encoding in Dex | S | |
CVE-2020-26291 | Hostname spoofing in URI.js | S | |
CVE-2020-26292 | Potential Malware Discovered (Possible False Positive) | | |
CVE-2020-26293 | Possible XSS bypass if style tag is allowed | S | |
CVE-2020-26294 | Exposure of server configuration | E S | |
CVE-2020-26295 | CMS Editor code execution | S | |
CVE-2020-26296 | XSS in Vega | | |
CVE-2020-26297 | XSS in mdBook's search page | S | |
CVE-2020-26298 | Injection in Redcarpet | S | |
CVE-2020-26299 | File System Bounds Escape | E S | |
CVE-2020-26300 | Command injection in systeminformation | S | |
CVE-2020-26301 | Command injection in mscdex/ssh2 | E S | |
CVE-2020-26302 | is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expre... | E | |
CVE-2020-26303 | GHSL-2020-289: Regular Expression Denial of Service (ReDoS) in insane | E | |
CVE-2020-26304 | GHSL-2020-290: Regular Expression Denial of Service (ReDoS) in foundation-sites | E | |
CVE-2020-26305 | GHSL-2020-291: Regular Expression Denial of Service (ReDoS) in CommonRegexJS | | |
CVE-2020-26306 | GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js | | |
CVE-2020-26307 | GHSL-2020-301: Regular Expression Denial of Service (ReDoS) in HTML2Markdown | | |
CVE-2020-26308 | GHSL-2020-302: Regular Expression Denial of Service (ReDoS) in validate.js | | |
CVE-2020-26309 | GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator | | |
CVE-2020-26310 | GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser | | |
CVE-2020-26311 | GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent | E | |
CVE-2020-26312 | GHSL-2020-254: Arbitrary file read and/or write in dotmesh | | |
CVE-2020-26313 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26314 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26315 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26316 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26317 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26318 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26319 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26320 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26321 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26322 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26324 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26325 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26327 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26329 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26330 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26332 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26333 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26334 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26335 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26336 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26337 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26338 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26340 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26342 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26343 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26345 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26346 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26348 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26349 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26350 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26351 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26352 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26353 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26354 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26356 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26357 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26358 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26359 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26361 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26362 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26363 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26364 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26365 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26366 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26367 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26368 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26369 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26370 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26371 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26372 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26373 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26375 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26376 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26377 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26378 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26379 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26380 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26383 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26384 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26385 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26386 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26387 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26389 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26390 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26391 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26392 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26393 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26394 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26396 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26397 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26400 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26401 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26402 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26403 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26404 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26405 | Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allo... | | |
CVE-2020-26406 | Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting... | | |
CVE-2020-26407 | An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 bef... | | |
CVE-2020-26408 | A limited information disclosure vulnerability exists in GitLab CE/EE from >= 12.2 to <13.4.7, >=13.... | | |
CVE-2020-26409 | A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allo... | | |
CVE-2020-26411 | A potential DoS vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 ... | | |
CVE-2020-26412 | Removed group members were able to use the To-Do functionality to retrieve updated information on co... | | |
CVE-2020-26413 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2... | | |
CVE-2020-26414 | An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for... | | |
CVE-2020-26415 | Information about the starred projects for private user profiles was exposed via the GraphQL API sta... | | |
CVE-2020-26416 | Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposu... | | |
CVE-2020-26417 | Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project ... | | |
CVE-2020-26418 | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of servi... | E S | |
CVE-2020-26419 | Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injectio... | E S | |
CVE-2020-26420 | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of servic... | E S | |
CVE-2020-26421 | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.... | E S | |
CVE-2020-26422 | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet in... | S | |
CVE-2020-26505 | A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.... | E | |
CVE-2020-26506 | An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows u... | E | |
CVE-2020-26507 | A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with ... | E | |
CVE-2020-26508 | The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stor... | | |
CVE-2020-26509 | Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of ... | E | |
CVE-2020-26510 | Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tom... | | |
CVE-2020-26511 | The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a ... | S | |
CVE-2020-26513 | An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by... | E | |
CVE-2020-26515 | An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through ... | E | |
CVE-2020-26516 | A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the se... | E | |
CVE-2020-26517 | A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. I... | E | |
CVE-2020-26518 | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via ... | E | |
CVE-2020-26519 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing att... | | |
CVE-2020-26521 | The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go... | S | |
CVE-2020-26522 | A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop throu... | E | |
CVE-2020-26523 | Froala Editor before 3.2.2 allows XSS via pasted content.... | | |
CVE-2020-26524 | CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.... | | |
CVE-2020-26525 | Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows... | | |
CVE-2020-26526 | An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames o... | | |
CVE-2020-26527 | An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource shar... | E | |
CVE-2020-26534 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after... | S | |
CVE-2020-26535 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate... | S | |
CVE-2020-26536 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer derefere... | S | |
CVE-2020-26537 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation... | S | |
CVE-2020-26538 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute a... | S | |
CVE-2020-26539 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpr... | S | |
CVE-2020-26540 | An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Run... | S | |
CVE-2020-26541 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Databa... | E | |
CVE-2020-26542 | An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when... | | |
CVE-2020-26546 | An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe fun... | | |
CVE-2020-26547 | Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) ... | | |
CVE-2020-26548 | An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a u... | E | |
CVE-2020-26549 | An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism t... | E | |
CVE-2020-26550 | An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing creden... | E | |
CVE-2020-26551 | An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in ... | E | |
CVE-2020-26552 | An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that imp... | E | |
CVE-2020-26553 | An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that... | E | |
CVE-2020-26554 | REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.... | E | |
CVE-2020-26555 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit... | | |
CVE-2020-26556 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to co... | | |
CVE-2020-26557 | Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without po... | | |
CVE-2020-26558 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a ... | | |
CVE-2020-26559 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (... | | |
CVE-2020-26560 | Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, ... | | |
CVE-2020-26561 | Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerabil... | E | |
CVE-2020-26563 | ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=view... | E | |
CVE-2020-26564 | ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have | E | |
CVE-2020-26565 | ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do... | E | |
CVE-2020-26566 | A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticat... | E | |
CVE-2020-26567 | An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.... | E S | |
CVE-2020-26569 | In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindi... | E | |
CVE-2020-26570 | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow... | S | |
CVE-2020-26571 | The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer over... | | |
CVE-2020-26572 | The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in... | S | |
CVE-2020-26574 | Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject ... | E | |
CVE-2020-26575 | In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinit... | S | |
CVE-2020-26582 | D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands... | E S | |
CVE-2020-26583 | An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to... | | |
CVE-2020-26584 | An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on ... | | |
CVE-2020-26596 | The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authen... | E | |
CVE-2020-26597 | An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsyste... | | |
CVE-2020-26598 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network... | | |
CVE-2020-26599 | An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms... | | |
CVE-2020-26600 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attacke... | | |
CVE-2020-26601 | An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10... | | |
CVE-2020-26602 | An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), a... | | |
CVE-2020-26603 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker... | | |
CVE-2020-26604 | An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11... | | |
CVE-2020-26605 | An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) softwar... | | |
CVE-2020-26606 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software... | | |
CVE-2020-26607 | An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) so... | | |
CVE-2020-26609 | fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow a... | E | |
CVE-2020-26623 | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to ex... | E | |
CVE-2020-26624 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at... | E | |
CVE-2020-26625 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at... | E | |
CVE-2020-26627 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can... | E | |
CVE-2020-26628 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which a... | E | |
CVE-2020-26629 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management Syst... | E | |
CVE-2020-26630 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can... | E | |
CVE-2020-26641 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an a... | E | |
CVE-2020-26642 | A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 1... | E | |
CVE-2020-26649 | AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php... | E | |
CVE-2020-26650 | AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php... | E | |
CVE-2020-26652 | An issue discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to c... | E | |
CVE-2020-26664 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to ... | E | |
CVE-2020-26668 | A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and ear... | E | |
CVE-2020-26669 | A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier w... | E | |
CVE-2020-26670 | A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated ... | E | |
CVE-2020-26672 | Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/po... | E | |
CVE-2020-26677 | Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a mali... | | |
CVE-2020-26678 | vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference o... | | |
CVE-2020-26679 | vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or... | | |
CVE-2020-26680 | In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users... | | |
CVE-2020-26682 | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer ove... | E | |
CVE-2020-26683 | A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attack... | E S | |
CVE-2020-26693 | A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an... | S | |
CVE-2020-26701 | Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows rem... | E | |
CVE-2020-26705 | The parseXML function in Easy-XML 0.5.0 was discovered to have an XML External Entity (XXE) vulnerabi... | S | |
CVE-2020-26707 | An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execu... | E | |
CVE-2020-26708 | requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability w... | | |
CVE-2020-26709 | py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which all... | | |
CVE-2020-26710 | easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability whic... | | |
CVE-2020-26712 | REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. Th... | E | |
CVE-2020-26713 | REDCap 10.3.4 contains an XSS vulnerability in the ToDoList function with parameter sort. The informa... | E | |
CVE-2020-26728 | A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(... | E | |
CVE-2020-26732 | SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for... | | |
CVE-2020-26733 | Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Softwa... | E | |
CVE-2020-26759 | clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute ar... | S | |
CVE-2020-26762 | A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), whic... | | |
CVE-2020-26763 | The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.... | S | |
CVE-2020-26766 | A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User ... | E | |
CVE-2020-26768 | Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by i... | | |
CVE-2020-26772 | Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'Aja... | E | |
CVE-2020-26773 | Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which a... | | |
CVE-2020-26797 | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::... | E S | |
CVE-2020-26800 | A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially craft... | E | |
CVE-2020-26801 | A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLit... | E | |
CVE-2020-26802 | forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=l... | E | |
CVE-2020-26803 | In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functio... | E | |
CVE-2020-26804 | In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, ... | E | |
CVE-2020-26805 | In Sentrifugo 3.2, admin can edit employee's information via this endpoint --> /sentrifugo/index.ph... | E | |
CVE-2020-26806 | admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP f... | E | |
CVE-2020-26807 | SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissio... | | |
CVE-2020-26808 | SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731... | E | |
CVE-2020-26809 | SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, allows an attacker to bypass existing authenticat... | E | |
CVE-2020-26810 | SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthen... | | |
CVE-2020-26811 | SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthen... | | |
CVE-2020-26814 | SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacke... | | |
CVE-2020-26815 | SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755, allows an unauthori... | | |
CVE-2020-26816 | SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, has the key ... | | |
CVE-2020-26817 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received ... | | |
CVE-2020-26818 | SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows a... | | |
CVE-2020-26819 | SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows a... | | |
CVE-2020-26820 | SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authentica... | | |
CVE-2020-26821 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise ... | | |
CVE-2020-26822 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise ... | | |
CVE-2020-26823 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise ... | | |
CVE-2020-26824 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise ... | | |
CVE-2020-26825 | SAP Fiori Launchpad (News tile Application), versions - 750, 751, 752, 753, 754, 755, allows an unauthori... | | |
CVE-2020-26826 | Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an atta... | | |
CVE-2020-26828 | SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and ... | | |
CVE-2020-26829 | SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, al... | | |
CVE-2020-26830 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary aut... | | |
CVE-2020-26831 | SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently va... | | |
CVE-2020-26832 | SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_71... | E | |
CVE-2020-26834 | SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bear... | | |
CVE-2020-26835 | SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754, does not sufficiently encode URL wh... | | |
CVE-2020-26836 | SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the applic... | | |
CVE-2020-26837 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user t... | | |
CVE-2020-26838 | SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and S... | | |
CVE-2020-26839 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26840 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26841 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26843 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26844 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26846 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26847 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26851 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26858 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26859 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26860 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26862 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26863 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26864 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26865 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26866 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-26867 | ARC Informatique PcVue Deserialization of Untrusted Data | S | |
CVE-2020-26868 | ARC Informatique PcVue Access to Critical Private Variable via Public Method | S | |
CVE-2020-26869 | ARC Informatique PcVue Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2020-26870 | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip ... | E S | |
CVE-2020-26876 | The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended pa... | E | |
CVE-2020-26877 | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is... | | |
CVE-2020-26878 | Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit ... | E | |
CVE-2020-26879 | Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An una... | E | |
CVE-2020-26880 | Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root... | | |
CVE-2020-26882 | In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts mult... | | |
CVE-2020-26883 | In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion du... | | |
CVE-2020-26884 | RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated re... | | |
CVE-2020-26885 | An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dn... | E | |
CVE-2020-26886 | Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initializ... | E M | |
CVE-2020-26887 | FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.... | E | |
CVE-2020-26890 | Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON valu... | S | |
CVE-2020-26891 | AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of ... | S | |
CVE-2020-26892 | The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired... | S | |
CVE-2020-26893 | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed cop... | | |
CVE-2020-26894 | LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malic... | E | |
CVE-2020-26895 | Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signa... | | |
CVE-2020-26896 | Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. Wh... | S | |
CVE-2020-26897 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40... | | |
CVE-2020-26898 | NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.... | | |
CVE-2020-26899 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 befo... | | |
CVE-2020-26900 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40... | | |
CVE-2020-26901 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 bef... | | |
CVE-2020-26902 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2020-26903 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40... | | |
CVE-2020-26904 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40... | | |
CVE-2020-26905 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40... | | |
CVE-2020-26906 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40... | | |
CVE-2020-26907 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2020-26908 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, ... | | |
CVE-2020-26909 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2020-26910 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR... | | |
CVE-2020-26911 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D... | | |
CVE-2020-26912 | Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.... | | |
CVE-2020-26913 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This... | | |
CVE-2020-26914 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D62... | | |
CVE-2020-26915 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-26916 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D... | | |
CVE-2020-26917 | Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 befor... | | |
CVE-2020-26918 | Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 befor... | | |
CVE-2020-26919 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function leve... | KEV | |
CVE-2020-26920 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2020-26921 | Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7,... | | |
CVE-2020-26922 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7... | | |
CVE-2020-26923 | Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 befo... | | |
CVE-2020-26924 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 bef... | | |
CVE-2020-26925 | NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.... | | |
CVE-2020-26926 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, R... | | |
CVE-2020-26927 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, ... | | |
CVE-2020-26928 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, R... | | |
CVE-2020-26929 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R62... | | |
CVE-2020-26930 | NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings... | | |
CVE-2020-26931 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 bef... | | |
CVE-2020-26932 | debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_new... | | |
CVE-2020-26933 | Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revis... | | |
CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a cra... | S | |
CVE-2020-26935 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL i... | E S | |
CVE-2020-26936 | Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.... | | |
CVE-2020-26938 | In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter rec... | E | |
CVE-2020-26939 | In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensit... | S | |
CVE-2020-26941 | A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve a... | | |
CVE-2020-26942 | An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allow... | | |
CVE-2020-26943 | An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed... | | |
CVE-2020-26944 | An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL inject... | E | |
CVE-2020-26945 | MyBatis before 3.5.6 mishandles deserialization of object streams.... | S | |
CVE-2020-26947 | monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with ... | S | |
CVE-2020-26948 | Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.... | | |
CVE-2020-26950 | In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resultin... | E | |
CVE-2020-26951 | A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, e... | | |
CVE-2020-26952 | Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruptio... | | |
CVE-2020-26953 | It was possible to cause the browser to enter fullscreen mode without displaying the security UI; th... | | |
CVE-2020-26954 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests ... | | |
CVE-2020-26955 | When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent... | | |
CVE-2020-26956 | In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and... | | |
CVE-2020-26957 | OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. Th... | | |
CVE-2020-26958 | Firefox did not block execution of scripts with incorrect MIME types when the response was intercept... | | |
CVE-2020-26959 | During browser shutdown, reference decrementing could have occurred on a previously freed object, res... | | |
CVE-2020-26960 | If the Compact() method was called on an nsTArray, the array could have been reallocated without upd... | | |
CVE-2020-26961 | When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the respo... | | |
CVE-2020-26962 | Cross-origin iframes that contained a login form could have been recognized by the login autofill se... | | |
CVE-2020-26963 | Repeated calls to the history and location interfaces could have been used to hang the browser. This... | | |
CVE-2020-26964 | If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version pri... | | |
CVE-2020-26965 | Some websites have a feature "Show Password" where clicking a button will change a password field in... | | |
CVE-2020-26966 | Searching for a single word from the address bar caused an mDNS request to be sent on the local netw... | | |
CVE-2020-26967 | When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox... | | |
CVE-2020-26968 | Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of t... | | |
CVE-2020-26969 | Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evid... | | |
CVE-2020-26970 | When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stac... | | |
CVE-2020-26971 | Certain blit values provided by the user were not properly constrained leading to a heap buffer over... | | |
CVE-2020-26972 | The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former mu... | | |
CVE-2020-26973 | Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. Thi... | | |
CVE-2020-26974 | When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrec... | | |
CVE-2020-26975 | When a malicious application installed on the user's device broadcast an Intent to Firefox for Andro... | | |
CVE-2020-26976 | When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the fo... | | |
CVE-2020-26977 | By attempting to connect a website using an unresponsive port, an attacker could have controlled the... | | |
CVE-2020-26978 | Using techniques that built on the slipstream research, a malicious webpage could have exposed both ... | | |
CVE-2020-26979 | When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a websit... | E S | |
CVE-2020-26980 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26981 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26982 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26983 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26984 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26985 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26986 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26987 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26988 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26989 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers... | S | |
CVE-2020-26990 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | S | |
CVE-2020-26991 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A... | S | |
CVE-2020-26992 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26993 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26994 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26995 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26996 | A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All... | | |
CVE-2020-26997 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2... | | |
CVE-2020-26998 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A... | S | |
CVE-2020-26999 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A... | S | |