CVE-2025-13920

creationtimestamp| type| source ---|---|--- 2026-01-24 15:59:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md6lhavi642c 2026-03-17 02:22:55+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-13920.yaml 2026-03-17...

CVE-2025-13920

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

CVE-2019-13920

A vulnerability has been identified in SINEMA Remote Connect Server All versions V2.0 SP1. Some parts of the web application are not protected against Cross Site Request Forgery CSRF attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a...

CVE-2018-13920

Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439...

CVE-2024-13920

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...

CVE-2024-13920

creationtimestamp| type| source ---|---|--- 2025-03-20 15:43:43+00:00| seen| https://t.me/cvedetector/20732...

CVE-2024-13920

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...

CVE-2024-13920 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...

CVE-2024-13920

CVE-2024-13920 affects the WordPress plugin Order Export & Order Import for WooCommerce (

CVE-2024-13920 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents ...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX...

Debian: Security Advisory (DLA-3657-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3657-1] activemq security update

Debian LTS Advisory DLA-3657-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 20, 2023 https://wiki.debian.org/LTS Package : activemq Version : 5.15.16-0+deb10u1 CVE ID : CVE-2020-13920 CVE-2021-26117 CVE-2023-46604 Debian Bug : 1054909 982590 Several...

Debian dla-3657 : activemq - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3657 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3657-1 [email protected]...

CVE-2017-13920

Rejected reason: This candidate is unused by its CNA...

FreeBSD : nexus2-oss -- Apache ActiveMQ JMX vulnerability (730e922f-20e7-11ec-a574-080027eedc6a)

Sonatype reports : - CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors...

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Quarkus Tech-Preview 2 security update

An update to the Red Hat Integration Camel Quarkus tech preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.4 release and security update

A minor version update from 1.3 to 1.4 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...

Security Bulletin: Apache ActiveMQ Vulnerability Affects IBM Control Center (CVE-2020-13920)

Summary Apache ActiveMQ is vulnerable to a man-in-the-middle attack. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI registry. By creating another serv...

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)

Summary An Apache ActiveMQ man-in-the-middle vulnerability was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2020-13920 DESCRIPTION: Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to the JMX RMI...