Skip to main content
CVE-2019-7386 MEDIUM POC This Month

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia RCE Denial Of Service Kaios 8810 4G Firmware
NVD VulDB
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-9904 MEDIUM POC This Month

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphviz
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-9903 MEDIUM POC This Month

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Poppler Fedora Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-7441 MEDIUM POC This Month

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Paypal Checkout Payment Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
5.9%
CVE-2019-7440 MEDIUM POC This Month

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-7439 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.8%
CVE-2019-7436 MEDIUM POC This Month

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Opensource Classified Ads Script
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-7434 MEDIUM POC This Month

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Rental Bike Script
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-7431 MEDIUM POC This Month

PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Image Sharing Script
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-7429 MEDIUM POC This Month

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Property Rental Software
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-6273 MEDIUM POC THREAT This Month

download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
11.5%
CVE-2019-8938 MEDIUM POC This Month

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vertrigoserv
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7438 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.0%
CVE-2019-7437 MEDIUM POC This Month

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Opensource Classified Ads Script
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7425 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2019-7424 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7423 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7422 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7421 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7420 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7419 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7418 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-7417 MEDIUM POC This Month

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ericsson Active Library Explorer
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7416 MEDIUM POC This Month

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Documentum Webtop
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7299 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Support Plus Responsive Ticket System
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-7222 MEDIUM POC PATCH This Month

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Fedora Leap +15
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-6501 MEDIUM POC PATCH This Month

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Qemu Fedora
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-6492 MEDIUM POC This Month

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smart Defrag
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-6454 MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Systemd Leap +20
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2019-3832 MEDIUM POC PATCH This Month

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libsndfile Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-7432 MEDIUM POC This Month

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rental Bike Script
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7223 MEDIUM POC This Month

InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Invoiceplane
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-7435 MEDIUM POC This Month

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Opensource Classified Ads Script
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2019-7430 MEDIUM POC This Month

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Image Sharing Script
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2019-6735 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2019-6734 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.2%
CVE-2019-6733 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2019-6732 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.1%
CVE-2019-6728 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2019-0191 MEDIUM PATCH This Month

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Karaf
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2019-9837 MEDIUM PATCH This Month

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Openid Connect
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-9094 MEDIUM This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Humhub
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9093 MEDIUM This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Humhub
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8997 MEDIUM This Month

An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Athoc
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2019-6702 MEDIUM This Month

The MasterCard Qkr!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Qkr With Masterpass
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2019-9857 MEDIUM PATCH This Month

In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-5011 MEDIUM This Month

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cleanmymac X
NVD
CVSS 3.1
5.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy