145 CVEs published in 2020. 145 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
145 fix guides from 2020 ⚠ 145 actively exploited (CISA KEV)
CVE-2020-0618 - Remote Code Execution in Microsoft SQL Server. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2020-0646: Remote Code Execution in Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2. Patch commands and verification.
CVE-2020-0796 is a buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-10148: CWE-288 Authentication Bypass Using an Alternate Path or Channel in Orion Platform. Patch commands and verification.
CVE-2020-10181 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-10189 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-1040 is a remote code execution in Microsoft Windows Server. CVSS 9 Critical. Patch commands, mitigations, and verification.
CVE-2020-10987 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-11651 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-12271 is a n/a in the vendor n/a. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2020-12641 improper neutralization of special elements used in an os command ('os command i in Roundcube Webmail. Runnable upgrade comma
CVE-2020-12812 is an improper access control in Fortinet FortiOS. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-1350 is a remote code execution in Microsoft Windows Server. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2020-13927 is a missing authentication in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run t
CVE-2020-14644 - Remote Code Execution in WebLogic Server. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2020-14750: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2020-14871: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Or
CVE-2020-14882: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2020-15069 - Remote Code Execution in XG Firewall. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-15415 - Command Injection in Multiple Vigor Routers. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2020-15505 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-15999 is a heap buffer overflow in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2020-16010 is a heap buffer overflow in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2020-16017 is a use after free in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2020-16846 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-17463 is a SQL injection in FUEL CMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-17496 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-17519 - Files Accessible to External Parties in Apache Flink. Runnable patch commands, mitigation snippets, and verification steps
CVE-2020-17530 is a neutralization of special elements used in in Apache Struts. This page lists verified fix commands and short-term mitiga
CVE-2020-1938 is a security vulnerability in Apache Tomcat. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2020-2021: Improper Verification of Cryptographic Signature in Palo Alto Networks PAN-OS. Runnable fix commands and patched builds.
CVE-2020-2509: Command Injection in QNAP Network-Attached Storage (NAS). Runnable fix commands and patched builds.
CVE-2020-25213 is a n/a in the vendor n/a. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2020-25223 is an OS Command Injection flaw in Sophos SG UTM. Actively exploited per CISA KEV. Verified patched builds and runnable fix co
CVE-2020-25506 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-2551 is a security vulnerability in Weblogic Server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-2555: Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. S
CVE-2020-26919 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-2883 - Security Vulnerability in WebLogic Server. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2020-29557 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-29574 - SQL Injection in CyberoamOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-3161 is an improper input validation in Cisco IP phone. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-3952 is a critical information disclosure in VMware vCenter Server. CVSS 9.8 Critical. Patch commands, mitigations, and verificatio
CVE-2020-3992 is a remote code execution vulnerability in VMware ESXi. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-4006: Command Injection in VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware I
CVE-2020-4427 is a bypass security in IBM Data Risk Manager. CVSS 9 Critical. Patch commands, mitigations, and verification.
CVE-2020-4428 is a gain access in IBM Data Risk Manager. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2020-5135 is a Buffer Overflow flaw in SonicWall SonicOS. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2020-5722 is a SQL injection in Grandstream UCM6200 Series. This page lists verified fix commands and short-term mitigations you can run
CVE-2020-5847 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-5902 is an RCE in F5 BIG-IP. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-6207: Missing Authentication Check in SAP Solution Manager (User Experience Monitoring). Patch commands and verification.
CVE-2020-6287: Missing Authentication Check in SAP NetWeaver AS JAVA (LM Configuration Wizard). Patch commands and verification.
CVE-2020-7247: Improper Handling of Exceptional Conditions in OpenBSD OpenSMTPD. Runnable fix commands and patched builds.
CVE-2020-7796 - Server-Side Request Forgery in Zimbra Collaboration Suite. Runnable patch commands and verification on this page.
CVE-2020-7961 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8515 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8599: Arbitrary File Upload Directory Traversal in Trend Micro OfficeScan, Trend Micro Apex One. Patch commands and verification.
CVE-2020-8644 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8657 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2020-8816 is an OS command injection in Pi. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9054: OS Command Injection in Zyxel Multiple Network-Attached Storage (NAS) Devices. Runnable fix commands and patched builds.
CVE-2020-0041 is an improper input validation in Android. This page lists verified fix commands and short-term mitigations you can run today
CVE-2020-0069 is an out-of-bounds write in Android. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-0601 is a spoofing in Microsoft Windows. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2020-0638: Improper Link Resolution Before File Access in Microsoft Update Notification Manager. Runnable fix commands and patched build
CVE-2020-0674 is a remote code execution in Microsoft Internet Explorer 10. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-0683 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-0688 is a remote code execution in Microsoft Exchange Server 2013. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-0787 is a link resolution before file access in Microsoft Windows. This page lists verified fix commands and short-term mitigations
CVE-2020-0938 is a remote code execution in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-0968 is a remote code execution in Microsoft Internet Explorer 9. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-0986 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-10199 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-1020 is a remote code execution in Microsoft Windows. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-10221 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-1027 is an Out-of-Bounds Write flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix
CVE-2020-1054 is an elevation of privilege in Microsoft Windows. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-11261 is an improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Sna
CVE-2020-1147 is a remote code execution in Microsoft SharePoint Enterprise Server. CVSS 7.8 High. Patch commands, mitigations, and verifica
CVE-2020-11738 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-11978 is an OS command injection in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run to
CVE-2020-13671 is an unrestricted file upload in Drupal Core. This page lists verified fix commands and short-term mitigations you can run t
CVE-2020-1380 is a scripting engine memory corruption in Microsoft Internet Explorer 11. CVSS 7.8 High. Patch commands, mitigations, and ver
CVE-2020-1464 is a windows spoofing in Microsoft Windows 10 Version 1803. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-14864 is a security vulnerability in Business Intelligence Enterprise Edition. This page lists verified fix commands and short-term
CVE-2020-14883: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2020-16009 is an inappropriate implementation in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-16013 is an inappropriate implementation in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-1631 is a Path Traversal flaw in Juniper Junos OS. Actively exploited per CISA KEV. Verified patched builds and runnable fix comman
CVE-2020-17087: Windows Kernel Local Elevation of Privilege in Windows 10 Version 1803. Patch commands and verification.
CVE-2020-17144: Microsoft Exchange Remote Code Execution in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31. Patch commands a
CVE-2020-1956 is an OS Command Injection flaw in Apache Kylin. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2020-24363 - Security Vulnerability in TL-WA855RE. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-24557 is an improper access control privilege escalation in Trend Micro Apex One. CVSS 7.8 High. Patch commands, mitigations, and ve
CVE-2020-2506: Improper Access Control in QNAP Systems Helpdesk. Runnable fix commands and patched builds.
CVE-2020-25078 - Security Vulnerability in DCS-2530L and DCS-2670L Devices. Runnable patch commands and verification on this page.
CVE-2020-25079 - Command Injection in DCS-2530L and DCS-2670L Devices. Runnable patch commands, mitigation snippets, and verification steps
CVE-2020-27930 is an out-of-bounds write in Apple iOS and iPadOS. This page lists verified fix commands and short-term mitigations you can r
CVE-2020-27932 is an access of resource using incompatible type in Apple iOS and iPadOS. This page lists verified fix commands and short-ter
CVE-2020-28949 is a security vulnerability in Archive Tar. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-3118: Cisco IOS XR Software Cisco Discovery Protocol Format String in Cisco IOS XR Software. Patch commands and verification.
CVE-2020-3259 security vulnerability in Cisco Adaptive Security Appliance (ASA) Software. Runnable upgrade commands and verification steps f
CVE-2020-3433 security vulnerability in Cisco AnyConnect Secure Mobility Client. Runnable upgrade commands and verification steps for sysadm
CVE-2020-3452 is an improper input validation in Cisco Adaptive Security Appliance (ASA) Software. This page lists verified fix commands and
CVE-2020-3566 is a cisco ios xr software dvmrp memory exhaustion in Cisco IOS XR Software. CVSS 8.6 High. Patch commands, mitigations, and v
CVE-2020-3569: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities in Cisco IOS XR Software. Patch commands and verification.
CVE-2020-36193 improper link resolution before file access ('link following') in Archive Tar. Runnable upgrade commands and verification ste
CVE-2020-3837 is an out-of-bounds write in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-3950: Privilege escalation vulnerability in VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac. Patch commands
CVE-2020-5410: CWE-23: Relative Path Traversal in VMware Tanzu Spring Cloud Configuration (Config) Server. Runnable fix commands and patched
CVE-2020-5735 is a stack buffer overflow in Amcrest. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-5741 deserialization of untrusted data in Plex Media Server (Windows). Runnable upgrade commands and verification steps for sysadmi
CVE-2020-5849 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2020-6418 is a type confusion in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-6572 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-6819: Use-after-free while running the nsDocShell destructor in Thunderbird. Patch commands and verification.
CVE-2020-6820 is a use-after-free when handling a readablestream in Mozilla Thunderbird. CVSS 8.1 High. Patch commands, mitigations, and ver
CVE-2020-8218: Code Injection in Pulse Secure Pulse Connect Secure. Runnable fix commands and patched builds.
CVE-2020-8243 is a code injection (CWE-94) in Pulse Secure Pulse Connect Secure. CVSS 7.2 High. Patch commands, mitigations, and verification
CVE-2020-8260: Unrestricted Upload of File with Dangerous Type (CWE-434) in Pulse Connect Secure / Pulse Policy Secure. Patch commands and v
CVE-2020-8467 is an RCE in Trend Micro OfficeScan, Trend Micro Apex One. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2020-8468: Content Validation Escape in Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS). P
CVE-2020-8655 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2020-9377 is an OS Command Injection flaw in D-Link DIR-610 Devices. Actively exploited per CISA KEV. Verified patched builds and runnabl
CVE-2020-9715 - Use-After-Free in Adobe Acrobat and Reader. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2020-9818 is an out-of-bounds write in iOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9859 is a double free in Apple macOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9907 is an out-of-bounds write in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2020-0878 is a microsoft browser memory corruption in Microsoft ChakraCore. CVSS 4.2 Medium. Patch commands, mitigations, and verificati
CVE-2020-11023 - Cross-Site Scripting in jQuery. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-11652 is a n/a in the vendor n/a. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2020-11899 is an out-of-bounds read in The Treck. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-13965 - Cross-Site Scripting in Webmail. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2020-1472: Netlogon Elevation of Privilege in Windows Server version 2004. Patch commands and verification.
CVE-2020-27950 is an initialization in Apple iOS and iPadOS. This page lists verified fix commands and short-term mitigations you can run to
CVE-2020-3153 security vulnerability in Cisco AnyConnect Secure Mobility Client. Runnable upgrade commands and verification steps for sysadm
CVE-2020-35730 improper neutralization of input during web page generation ('cross-site scripti in Roundcube Webmail. Runnable upgrade comma
CVE-2020-3580: Cross-Site Scripting in Cisco Adaptive Security Appliance (ASA) Software. Patch commands and verification.
CVE-2020-4430 is an obtain information in IBM Data Risk Manager. CVSS 4.3 Medium. Patch commands, mitigations, and verification.
CVE-2020-8193: Improper Access Control - Generic (CWE-284) in Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP. Patch commands and verificati
CVE-2020-8195: Improper Input Validation (CWE-20) in Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP. Patch commands and verification.
CVE-2020-8196: Improper Access Control - Generic (CWE-284) in Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP. Patch commands and verificati
CVE-2020-9819 is an out-of-bounds write in iOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2020-9934 is a security vulnerability in iOS. Patched version, runnable upgrade commands, and how to verify the fix landed.