Skip to main content
CVE-2019-7570 MEDIUM POC This Month

A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pbootcms
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-7567 MEDIUM POC This Month

An issue was discovered in Waimai Super Cms 20150505. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7560 MEDIUM POC PATCH This Month

In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Boolector
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-7559 MEDIUM POC This Month

In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Btor2Tools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-1671 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1670 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Intelligence Center
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1661 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Telepresence Management Suite
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1660 MEDIUM This Month

A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Telepresence Management Suite
NVD
CVSS 3.0
5.3
EPSS
2.2%
CVE-2019-7535 MEDIUM This Month

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Testrail
NVD GitHub
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-1679 MEDIUM This Month

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Telepresence Video Communication Server Telepresence Conductor
NVD
CVSS 3.1
5.0
EPSS
2.1%
CVE-2019-1677 MEDIUM This Month

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Cisco Google Webex Meetings
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-1680 MEDIUM This Month

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cisco Webex Business Suite Webex Meetings Online
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-1678 MEDIUM This Month

A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service (DoS) to Cisco Meetings application users who are paired with a Session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy