Security Vulnerabilities - CVEs Published In February 2020
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
CVSS Score
8.8
EPSS Score
0.726
Published
2020-02-05
Batavi before 1.0 has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-02-05
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-02-05
PHPShop through 0.8.1 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.157
Published
2020-02-05
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
CVSS Score
9.8
EPSS Score
0.432
Published
2020-02-05
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
CVSS Score
4.3
EPSS Score
0.054
Published
2020-02-05
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.
CVSS Score
6.1
EPSS Score
0.1
Published
2020-02-05
Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-02-05
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.
CVSS Score
7.5
EPSS Score
0.034
Published
2020-02-05