CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 2140 / 1528
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2020-13294 In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. 4.2 1.22% 2020-08-10 2026-06-16
CVE-2020-13295 For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. 5.4 1.16% 2020-08-10 2026-06-16
CVE-2020-13278 Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. 6.1 1.43% 2020-08-12 2026-06-16
CVE-2020-13288 In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page 5.5 4.04% 2020-08-12 2026-06-16
CVE-2020-13290 In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page 7.5 1.11% 2020-08-12 2026-06-16
CVE-2020-13291 In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. 8.1 0.96% 2020-08-12 2026-06-16
CVE-2020-13280 For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. 6.5 1.05% 2020-08-13 2026-06-16
CVE-2020-13282 For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. 3.1 0.68% 2020-08-13 2026-06-16
CVE-2020-13283 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. 7.3 0.85% 2020-08-13 2026-06-16
CVE-2020-13285 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. 7.3 1.01% 2020-08-13 2026-06-16
CVE-2020-13281 For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature 6.5 1.33% 2020-08-13 2026-06-16
CVE-2020-13286 For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. 6.4 0.74% 2020-08-13 2026-06-16
CVE-2020-13284 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token 6.5 1.09% 2020-09-14 2026-06-16
CVE-2020-13287 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues 4.3 1.21% 2020-09-14 2026-06-16
CVE-2020-13289 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. 5.4 0.69% 2020-09-14 2026-06-16
CVE-2020-13299 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. 8.1 1.23% 2020-09-14 2026-06-16
CVE-2020-13300 GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. 8.0 1.29% 2020-09-14 2026-06-16
CVE-2020-13316 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. 5.4 1.42% 2020-09-14 2026-06-16
CVE-2020-13318 A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. 6.4 0.98% 2020-09-14 2026-06-16
CVE-2020-13311 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. 4.3 1.50% 2020-09-14 2026-06-16
cvelogic Threat Intelligence