Skip to main content
CVE-2019-3814 MEDIUM POC This Month

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Dovecot Ubuntu Linux Leap
NVD
CVSS 3.0
6.8
EPSS
2.5%
CVE-2019-9862 MEDIUM POC This Month

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secvest Wireless Alarm System Fuaa50000 Firmware Secvest Wireless Remote Control Fube50014 Firmware Secvest Wireless Remote Control Fube50015 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-3840 MEDIUM POC This Month

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libvirt Leap
NVD
CVSS 3.0
6.3
EPSS
1.5%
CVE-2019-10238 MEDIUM POC This Month

Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sitemagic
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9917 MEDIUM PATCH This Month

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Znc Ubuntu Linux Fedora
NVD GitHub
CVSS 3.0
6.5
EPSS
3.1%
CVE-2019-5926 MEDIUM This Month

Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kinagacms
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-3877 MEDIUM PATCH This Month

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Mellon Fedora Enterprise Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-10118 MEDIUM PATCH This Month

Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Snipe It
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-0161 MEDIUM PATCH This Month

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Edk Ii
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3847 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
4.8
EPSS
2.3%
CVE-2019-3828 MEDIUM PATCH This Month

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Path Traversal Ansible
NVD GitHub
CVSS 3.1
4.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy