Skip to main content
CVE-2019-8943 MEDIUM POC THREAT This Month

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
92.0%
CVE-2019-3474 MEDIUM POC This Month

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filr
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.0%
CVE-2019-8953 MEDIUM POC PATCH THREAT This Month

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Haproxy
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
52.2%
CVE-2019-8944 MEDIUM This Month

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Octopus Deploy Octopus Server
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-8331 MEDIUM PATCH This Month

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bootstrap Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +12
NVD GitHub
CVSS 3.1
6.1
EPSS
16.9%
CVE-2019-1003028 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Jms Messaging
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-1003027 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Octopusdeploy
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-1003026 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Jenkins Java
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy