Skip to main content
CVE-2019-10657 MEDIUM POC This Month

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gwn7610 Firmware Gwn7000 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10646 MEDIUM POC This Month

Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wolf Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-10654 MEDIUM POC This Month

The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Long Range Zip
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-10649 MEDIUM POC This Month

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy