Security Vulnerabilities - CVEs Published In August 2019
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-08-12
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
CVSS Score
9.1
EPSS Score
0.604
Published
2019-08-12
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-08-12
The ultimate-member plugin before 2.0.54 for WordPress has XSS.
CVSS Score
5.4
EPSS Score
0.007
Published
2019-08-12
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-08-12
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.
CVSS Score
5.4
EPSS Score
0.007
Published
2019-08-12
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-08-12
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-12
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-12
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-12