Skip to main content
CVE-2019-11869 MEDIUM POC This Month

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Yuzo
NVD
CVSS 3.0
6.1
EPSS
5.3%
CVE-2019-11836 MEDIUM POC This Month

The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Rediffmail
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2019-11840 MEDIUM PATCH This Month

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Crypto Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
2.1%
CVE-2019-4072 MEDIUM This Month

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2019-11870 MEDIUM This Month

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serendipity
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-1568 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Demisto
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11323 MEDIUM This Month

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Haproxy
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2019-6544 MEDIUM This Month

GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Ge Communicator
NVD
CVSS 3.1
5.6
EPSS
1.2%
CVE-2019-11820 MEDIUM This Month

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Synology Information Disclosure Calendar
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-0226 MEDIUM PATCH This Month

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Karaf
NVD
CVSS 3.0
4.9
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy