Search
On this page ▾

KEV 2020

146 CISA Known Exploited Vulnerabilities from 2020

Critical 60

February 2026

CVE-2020-7796

Synacor Zimbra Collaboration Suite — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability

CVSS 9.8

February 2025

CVE-2020-15069

Sophos XG Firewall — Sophos XG Firewall Buffer Overflow Vulnerability

CVSS 9.8
CVE-2020-29574

Sophos CyberoamOS — CyberoamOS (CROS) SQL Injection Vulnerability

CVSS 9.8

January 2025

CVE-2020-2883

Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability

CVSS 9.8

September 2024

CVE-2020-15415

DrayTek Multiple Vigor Routers — DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

CVSS 9.8
CVE-2020-14644

Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerability

CVSS 9.8

November 2023

CVE-2020-2551

Oracle Fusion Middleware — Oracle Fusion Middleware Unspecified Vulnerability

CVSS 9.8

June 2023

CVE-2020-12641

Roundcube Roundcube Webmail — Roundcube Webmail Remote Code Execution Vulnerability

CVSS 9.8

April 2022

CVE-2020-2509

QNAP QNAP Network-Attached Storage (NAS) — QNAP Network-Attached Storage (NAS) Command Injection Vulnerability

CVSS 9.8

March 2022

CVE-2020-2021

Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVSS 10
CVE-2020-25223

Sophos SG UTM — Sophos SG UTM Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-7247

OpenBSD OpenSMTPD — OpenSMTPD Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-9054

Zyxel Multiple Network-Attached Storage (NAS) Devices — Zyxel Multiple NAS Devices OS Command Injection Vulnerability

CVSS 9.8
CVE-2020-5135

SonicWall SonicOS — SonicWall SonicOS Buffer Overflow Vulnerability

CVSS 9.8
CVE-2020-1938

Apache Tomcat — Apache Tomcat Improper Privilege Management Vulnerability

CVSS 9.8

February 2022

CVE-2020-0796

Microsoft SMBv3 — Microsoft SMBv3 Remote Code Execution Vulnerability

CVSS 10

January 2022

CVE-2020-5722

Grandstream UCM6200 — Grandstream Networks UCM6200 Series SQL Injection Vulnerability

CVSS 9.8
CVE-2020-13927

Apache Airflow's Experimental API — Apache Airflow's Experimental API Authentication Bypass

CVSS 9.8

December 2021

CVE-2020-17463

Fuel CMS Fuel CMS — Fuel CMS SQL Injection Vulnerability

CVSS 9.8

November 2021

CVE-2020-1350

Microsoft Windows — Microsoft Windows DNS Server Remote Code Execution Vulnerability

CVSS 10
CVE-2020-14871

Oracle Solaris and Zettabyte File System (ZFS) — Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability

CVSS 10
CVE-2020-25213

WordPress File Manager Plugin — WordPress File Manager Plugin Remote Code Execution Vulnerability

CVSS 10
CVE-2020-6287

SAP NetWeaver — SAP NetWeaver Missing Authentication for Critical Function Vulnerability

CVSS 10
CVE-2020-0646

Microsoft .NET Framework — Microsoft .NET Framework Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-10148

SolarWinds Orion — SolarWinds Orion Authentication Bypass Vulnerability

CVSS 9.8
CVE-2020-10181

Sumavision Enhanced Multimedia Router (EMR) — Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability

CVSS 9.8
CVE-2020-10189

Zoho ManageEngine — Zoho ManageEngine Desktop Central File Upload Vulnerability

CVSS 9.8
CVE-2020-10987

Tenda AC1900 Router AC15 Model — Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-11651

SaltStack Salt — SaltStack Salt Authentication Bypass Vulnerability

CVSS 9.8
CVE-2020-12271

Sophos SFOS — Sophos SFOS SQL Injection Vulnerability

CVSS 9.8
CVE-2020-12812

Fortinet FortiOS — Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

CVSS 9.8
CVE-2020-14750

Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-14882

Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-15505

MobileIron Core / Sentry / Connector — Unauthenticated RCE via Apache/Tomcat ACL Bypass and Hessian Java Deserialization

CVSS 9.8
CVE-2020-16846

SaltStack Salt — Unauthenticated RCE via Salt API SSH Client

CVSS 9.8
CVE-2020-17496

vBulletin vBulletin — vBulletin PHP Module Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-17530

Apache Struts — Apache Struts Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-25506

D-Link DNS-320 Device — D-Link DNS-320 Device Command Injection Vulnerability

CVSS 9.8
CVE-2020-2555

Oracle Multiple Products — Oracle Multiple Products Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-26919

NETGEAR JGS516PE Devices — Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability

CVSS 9.8
CVE-2020-29557

D-Link DIR-825 R1 Devices — D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability

CVSS 9.8
CVE-2020-29583

Zyxel Multiple Products — Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability

CVSS 9.8
CVE-2020-3161

Cisco Cisco IP Phones — Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability

CVSS 9.8
CVE-2020-3952

VMware vCenter Server — VMware vCenter Server Information Disclosure Vulnerability

CVSS 9.8
CVE-2020-3992

VMware ESXi — VMware ESXi OpenSLP Use-After-Free Vulnerability

CVSS 9.8
CVE-2020-4427

IBM Data Risk Manager — IBM Data Risk Manager Security Bypass Vulnerability

CVSS 9.8
CVE-2020-5847

Unraid Unraid — Unraid Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-5902

F5 BIG-IP — F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability

CVSS 9.8
CVE-2020-6207

SAP Solution Manager — SAP Solution Manager Missing Authentication for Critical Function Vulnerability

CVSS 9.8
CVE-2020-7961

Liferay Liferay Portal — Liferay Portal Deserialization of Untrusted Data Vulnerability

CVSS 9.8
CVE-2020-8515

DrayTek Multiple Vigor Routers — Multiple DrayTek Vigor Routers Web Management Page Vulnerability

CVSS 9.8
CVE-2020-8599

Trend Micro Apex One and OfficeScan — Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability

CVSS 9.8
CVE-2020-8644

PlaySMS PlaySMS — PlaySMS Server-Side Template Injection Vulnerability

CVSS 9.8
CVE-2020-8657

EyesOfNetwork EyesOfNetwork — EyesOfNetwork Use of Hard-Coded Credentials Vulnerability

CVSS 9.8
CVE-2020-15999

Google Chrome FreeType — Google Chrome FreeType Heap Buffer Overflow Vulnerability

CVSS 9.6
CVE-2020-16010

Google Chrome for Android UI — Google Chrome for Android UI Heap Buffer Overflow Vulnerability

CVSS 9.6
CVE-2020-16017

Google Chrome — Google Chrome Use-After-Free Vulnerability

CVSS 9.6
CVE-2020-4006

VMware Multiple Products — Multiple VMware Products Command Injection Vulnerability

CVSS 9.1
CVE-2020-4428

IBM Data Risk Manager — IBM Data Risk Manager Remote Code Execution Vulnerability

CVSS 9.1
CVE-2020-1040

Microsoft Hyper-V RemoteFX — Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

CVSS 9

High 70

April 2026

CVE-2020-9715

Adobe Acrobat & Reader — Heap Use-After-Free in PDF Object Processing Leading to Code Execution

CVSS 7.8

September 2025

CVE-2020-24363

TP-Link TL-WA855RE — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability

CVSS 8.8

August 2025

CVE-2020-25079

D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability

CVSS 8.8
CVE-2020-25078

D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability

CVSS 7.5

September 2024

CVE-2020-0618

Microsoft SQL Server — Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

CVSS 8.8

May 2024

CVE-2020-17519

Apache Flink — Apache Flink Improper Access Control Vulnerability

CVSS 7.5

February 2024

CVE-2020-3259

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Information Disclosure Vulnerability

CVSS 7.5

March 2023

CVE-2020-5741

Plex Media Server — Plex Media Server Remote Code Execution Vulnerability

CVSS 7.2

October 2022

CVE-2020-3433

Cisco AnyConnect Secure — Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability

CVSS 7.8

August 2022

CVE-2020-28949

PEAR Archive_Tar — PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

CVSS 7.8
CVE-2020-36193

PEAR Archive_Tar — PEAR Archive_Tar Improper Link Resolution Vulnerability

CVSS 7.5

June 2022

CVE-2020-3837

Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability

CVSS 7.8
CVE-2020-9907

Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability

CVSS 7.8

May 2022

CVE-2020-0638

Microsoft Update Notification Manager — Microsoft Update Notification Manager Privilege Escalation Vulnerability

CVSS 7.8
CVE-2020-1027

Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability

CVSS 7.8

March 2022

CVE-2020-1631

Juniper Junos OS — Juniper Junos OS Path Traversal Vulnerability

CVSS 8.8
CVE-2020-1956

Apache Kylin — Apache Kylin OS Command Injection Vulnerability

CVSS 8.8
CVE-2020-9377

D-Link DIR-610 Devices — D-Link DIR-610 Devices Remote Command Execution

CVSS 8.8
CVE-2020-5410

VMware Tanzu Spring Cloud Configuration (Config) Server — VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability

CVSS 7.5
CVE-2020-2506

QNAP Systems Helpdesk — QNAP Helpdesk Improper Access Control Vulnerability

CVSS 7.3
CVE-2020-8218

Pulse Secure Pulse Connect Secure — Pulse Connect Secure Code Injection Vulnerability

CVSS 7.2

January 2022

CVE-2020-11978

Apache Airflow — Apache Airflow Command Injection

CVSS 8.8
CVE-2020-13671

Drupal Drupal core — Drupal core Un-restricted Upload of File

CVSS 8.8
CVE-2020-6572

Google Chrome Media — Google Chrome Media Use-After-Free Vulnerability

CVSS 8.8
CVE-2020-0787

Microsoft Windows — Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability

CVSS 7.8
CVE-2020-14864

Oracle Intelligence Enterprise Edition — Oracle Business Intelligence Enterprise Edition Path Transversal

CVSS 7.5

December 2021

CVE-2020-11261

Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables — Qualcomm Multiple Chipsets Improper Input Validation Vulnerability

CVSS 7.8
CVE-2020-8816

Pi-hole AdminLTE — Pi-Hole AdminLTE Remote Code Execution Vulnerability

CVSS 7.2

November 2021

CVE-2020-0688

Microsoft Exchange Server — Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

CVSS 8.8
CVE-2020-10199

Sonatype Nexus Repository — Sonatype Nexus Repository Remote Code Execution Vulnerability

CVSS 8.8
CVE-2020-1020

Microsoft Windows — Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

CVSS 8.8
CVE-2020-10221

rConfig rConfig — rConfig OS Command Injection Vulnerability

CVSS 8.8
CVE-2020-16009

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8
CVE-2020-16013

Google Chromium V8 — Google Chromium V8 Incorrect Implementation Vulnerabililty

CVSS 8.8
CVE-2020-3118

Cisco IOS XR — Cisco IOS XR Software Discovery Protocol Format String Vulnerability

CVSS 8.8
CVE-2020-5735

Amcrest Cameras and Network Video Recorder (NVR) — Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability

CVSS 8.8
CVE-2020-6418

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8
CVE-2020-8467

Trend Micro Apex One and OfficeScan — Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability

CVSS 8.8
CVE-2020-8468

Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents — Trend Micro Multiple Products Content Validation Escape Vulnerability

CVSS 8.8
CVE-2020-9818

Apple iOS, iPadOS, and watchOS — Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability

CVSS 8.8
CVE-2020-3566

Cisco IOS XR — Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

CVSS 8.6
CVE-2020-3569

Cisco IOS XR — Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

CVSS 8.6
CVE-2020-17144

Microsoft Exchange Server — Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 8.4
CVE-2020-0601

Microsoft Windows — Microsoft Windows CryptoAPI Spoofing Vulnerability

CVSS 8.1
CVE-2020-6819

Mozilla Firefox and Thunderbird — Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

CVSS 8.1
CVE-2020-6820

Mozilla Firefox and Thunderbird — Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

CVSS 8.1
CVE-2020-0041

Android Android Kernel — Android Kernel Out-of-Bounds Write Vulnerability

CVSS 7.8
CVE-2020-0069

MediaTek Multiple Chipsets — Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability

CVSS 7.8
CVE-2020-0683

Microsoft Windows — Microsoft Windows Installer Privilege Escalation Vulnerability

CVSS 7.8
CVE-2020-0938

Microsoft Windows — Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

CVSS 7.8
CVE-2020-0986

Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability

CVSS 7.8
CVE-2020-1054

Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability

CVSS 7.8
CVE-2020-1147

Microsoft .NET Framework, SharePoint, Visual Studio — Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability

CVSS 7.8
CVE-2020-1380

Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

CVSS 7.8
CVE-2020-1464

Microsoft Windows — Microsoft Windows Spoofing Vulnerability

CVSS 7.8
CVE-2020-17087

Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability

CVSS 7.8
CVE-2020-24557

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security — Trend Micro Multiple Products Improper Access Control Vulnerability

CVSS 7.8
CVE-2020-27930

Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability

CVSS 7.8
CVE-2020-27932

Apple Multiple Products — Apple Multiple Products Type Confusion Vulnerability

CVSS 7.8
CVE-2020-3950

VMware Multiple Products — VMware Multiple Products Privilege Escalation Vulnerability

CVSS 7.8
CVE-2020-8655

EyesOfNetwork EyesOfNetwork — EyesOfNetwork Improper Privilege Management Vulnerability

CVSS 7.8
CVE-2020-9859

Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability

CVSS 7.8
CVE-2020-0674

Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

CVSS 7.5
CVE-2020-0968

Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

CVSS 7.5
CVE-2020-11738

WordPress Snap Creek Duplicator Plugin — WordPress Snap Creek Duplicator Plugin File Download Vulnerability

CVSS 7.5
CVE-2020-3452

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CVSS 7.5
CVE-2020-5849

Unraid Unraid — Unraid Authentication Bypass Vulnerability

CVSS 7.5
CVE-2020-14883

Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability

CVSS 7.2
CVE-2020-8243

Ivanti Pulse Connect Secure — Ivanti Pulse Connect Secure Code Execution Vulnerability

CVSS 7.2
CVE-2020-8260

Ivanti Pulse Connect Secure — Ivanti Pulse Connect Secure Code Execution Vulnerability

CVSS 7.2

Medium 16

January 2025

CVE-2020-11023

JQuery JQuery — JQuery Cross-Site Scripting (XSS) Vulnerability

CVSS 6.9

June 2024

CVE-2020-13965

Roundcube Webmail — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

CVSS 6.1

June 2023

CVE-2020-35730

Roundcube Roundcube Webmail — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

CVSS 6.1

October 2022

CVE-2020-3153

Cisco AnyConnect Secure — Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability

CVSS 6.5

September 2022

CVE-2020-9934

Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Input Validation Vulnerability

CVSS 5.5

March 2022

CVE-2020-11899

Treck TCP/IP stack IPv6 — Treck TCP/IP stack Out-of-Bounds Read Vulnerability

CVSS 5.4

November 2021

CVE-2020-11652

SaltStack Salt — SaltStack Salt Path Traversal Vulnerability

CVSS 6.5
CVE-2020-8193

Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability

CVSS 6.5
CVE-2020-8195

Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

CVSS 6.5
CVE-2020-3580

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability

CVSS 6.1
CVE-2020-1472

Microsoft Netlogon 'ZeroLogon' — AES-CFB8 Zero-IV Authentication Bypass Allows Instant Domain Controller Takeover

CVSS 5.5
CVE-2020-27950

Apple Multiple Products — Apple Multiple Products Memory Initialization Vulnerability

CVSS 5.5
CVE-2020-4430

IBM Data Risk Manager — IBM Data Risk Manager Directory Traversal Vulnerability

CVSS 4.3
CVE-2020-8196

Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

CVSS 4.3
CVE-2020-9819

Apple iOS, iPadOS, and watchOS — Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability

CVSS 4.3
CVE-2020-0878

Microsoft Edge and Internet Explorer — Microsoft Edge and Internet Explorer Memory Corruption Vulnerability

CVSS 4.2
Gavin Hollinger & AI assembled this air-gap friendly HTML