Total
29924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20741 | 1 Beckhoff | 1 Cx9020 | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect. | |||||
| CVE-2020-20467 | 1 White Shark Systems Project | 1 White Shark Systems | 2026-06-17 | 6.4 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | |||||
| CVE-2020-20096 | 1 Whatsapp | 1 Whatsapp | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | |||||
| CVE-2020-20095 | 1 Apple | 1 Imessage | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | |||||
| CVE-2020-20094 | 1 Facebook | 1 Instagram | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages | |||||
| CVE-2020-20093 | 1 Facebook | 1 Messenger | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | |||||
| CVE-2020-1994 | 1 Paloaltonetworks | 1 Pan-os | 2026-06-17 | 4.9 MEDIUM | 4.1 MEDIUM |
| A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-1938 | 7 Apache, Blackberry, Debian and 4 more | 21 Geode, Tomcat, Good Control and 18 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. | |||||
| CVE-2020-1795 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2026-06-17 | 2.1 LOW | 2.4 LOW |
| There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). | |||||
| CVE-2020-1774 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2026-06-17 | 4.0 MEDIUM | 4.5 MEDIUM |
| When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions. | |||||
| CVE-2020-1767 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2026-06-17 | 3.5 LOW | 3.5 LOW |
| Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | |||||
| CVE-2020-1765 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2026-06-17 | 5.0 MEDIUM | 3.5 LOW |
| An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | |||||
| CVE-2020-1761 | 1 Redhat | 1 Openshift | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. | |||||
| CVE-2020-1710 | 1 Redhat | 4 Jboss Data Grid, Jboss Enterprise Application Platform, Openshift Application Runtimes and 1 more | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. | |||||
| CVE-2020-1695 | 2 Fedoraproject, Redhat | 2 Fedora, Resteasy | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | |||||
| CVE-2020-1690 | 1 Redhat | 2 Openstack-selinux, Openstack Platform | 2026-06-17 | 4.9 MEDIUM | 6.5 MEDIUM |
| An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. | |||||
| CVE-2020-1147 | 1 Microsoft | 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1118 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | |||||
| CVE-2020-19896 | 1 1234n | 1 Minicms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php. | |||||
| CVE-2020-19778 | 1 Shopxo | 1 Shopxo | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request. | |||||
