CVE-2019-19837 — Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests.
Published: January 23, 2020; 08:15:12 AM -05:00

V3.1: 5.3 MEDIUM
    V2: 7.8 HIGH

CVE-2011-3612 — Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
Published: January 22, 2020; 01:15:11 PM -05:00

V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM

CVE-2019-16513 — An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
Published: January 23, 2020; 01:15:13 PM -05:00

V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM

CVE-2020-7937 — An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
Published: January 23, 2020; 04:15:13 PM -05:00

V3.1: 5.4 MEDIUM
    V2: 3.5 LOW

CVE-2020-7938 — plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level.
Published: January 23, 2020; 04:15:13 PM -05:00

V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM

CVE-2020-7939 — SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
Published: January 23, 2020; 04:15:13 PM -05:00

V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM

CVE-2020-7104 — The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.
Published: January 17, 2020; 06:15:13 PM -05:00

V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM

CVE-2020-7239 — The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent.
Published: January 21, 2020; 12:15:11 AM -05:00

V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM

CVE-2020-7940 — Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
Published: January 23, 2020; 04:15:13 PM -05:00

V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM

CVE-2020-7941 — A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Published: January 23, 2020; 04:15:13 PM -05:00

V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH

CVE-2020-7244 — Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication c... read CVE-2020-7244
Published: January 20, 2020; 05:15:11 PM -05:00

V3.1: 7.2 HIGH
    V2: 9.0 HIGH

CVE-2020-7243 — Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved w... read CVE-2020-7243
Published: January 20, 2020; 05:15:11 PM -05:00

V3.1: 7.2 HIGH
    V2: 9.0 HIGH

CVE-2020-7242 — Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, auth... read CVE-2020-7242
Published: January 20, 2020; 05:15:11 PM -05:00

V3.1: 7.2 HIGH
    V2: 9.0 HIGH

CVE-2019-10958 — Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to... read CVE-2019-10958
Published: January 17, 2020; 01:15:12 PM -05:00

V3.1: 7.2 HIGH
    V2: 9.0 HIGH

CVE-2019-10957 — Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could lat... read CVE-2019-10957
Published: January 17, 2020; 01:15:12 PM -05:00

V3.1: 4.8 MEDIUM
    V2: 3.5 LOW

CVE-2019-10956 — Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.
Published: January 17, 2020; 01:15:12 PM -05:00

V3.1: 7.2 HIGH
    V2: 9.0 HIGH

CVE-2020-1788 — Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could... read CVE-2020-1788
Published: January 21, 2020; 06:15:13 PM -05:00

V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM

CVE-2020-7228 — The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
Published: January 22, 2020; 10:15:11 AM -05:00

V3.1: 5.4 MEDIUM
    V2: 3.5 LOW

CVE-2019-16512 — An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
Published: January 23, 2020; 01:15:13 PM -05:00

V3.1: 4.8 MEDIUM
    V2: 3.5 LOW

CVE-2020-5398 — In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response... read CVE-2020-5398
Published: January 16, 2020; 07:15:12 PM -05:00

V3.1: 7.5 HIGH
    V2: 7.6 HIGH