Skip to main content
CVE-2019-11878 MEDIUM POC This Month

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Besder Ip20H1 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-5438 MEDIUM POC PATCH This Month

Path traversal using symlink in npm harp module versions <= 0.29.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Harp
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-5437 MEDIUM POC PATCH This Month

Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Harp
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-5676 MEDIUM This Month

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft RCE Gpu Display Driver Geforce Experience
NVD VulDB
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-11000 MEDIUM This Month

An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3566 MEDIUM This Month

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2019-5677 MEDIUM This Month

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Buffer Overflow Microsoft +1
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-11879 MEDIUM This Month

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apache Webrick
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-4204 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-11871 MEDIUM This Month

The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Custom Field Suite
NVD
CVSS 3.0
5.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy