Skip to main content
CVE-2019-3825 MEDIUM POC This Month

A vulnerability was discovered in gdm before 3.31.4. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Gnome Display Manager Ubuntu Linux Enterprise Linux
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2019-7546 MEDIUM POC This Month

An issue was discovered in SIDU 6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sidu
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7543 MEDIUM POC This Month

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kindeditor
NVD GitHub
CVSS 3.0
6.1
EPSS
3.2%
CVE-2019-7545 MEDIUM POC This Month

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dbninja
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7544 MEDIUM POC This Month

An issue was discovered in MyWebSQL 3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mywebsql
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7547 MEDIUM POC This Month

An issue was discovered in SIDU 6.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sidu
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-3820 MEDIUM POC PATCH This Month

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gnome Shell Leap Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-6517 MEDIUM This Month

BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Facslyric Facslyric Ivd
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-1003022 MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins CSRF Monitoring
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-1003012 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1003023 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Jenkins Warnings Next Generation
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6504 MEDIUM This Month

Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Automic Workload Automation
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2019-1003019 MEDIUM PATCH This Month

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Session Fixation Jenkins Github Oauth
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2019-1003013 MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Jenkins Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-1003017 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2019-1003014 MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Config File Provider Openshift Container Platform
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2019-1003021 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid Connect Authentication
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003020 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Kanboard
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-1003018 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Oauth
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003010 MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Git Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy