Skip to main content
CVE-2019-8404 MEDIUM POC This Month

An issue was discovered in Webiness Inventory 2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Webiness Inventory
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
8.0%
CVE-2019-11846 MEDIUM POC This Month

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-11845 MEDIUM POC This Month

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sp 4510Dn Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-8391 MEDIUM POC This Month

qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qdpm
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.3%
CVE-2019-8390 MEDIUM POC This Month

qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qdpm
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
9.8%
CVE-2019-11419 MEDIUM POC This Month

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Google Denial Of Service Wechat
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
4.0%
CVE-2019-12087 MEDIUM POC This Month

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung S9 Firmware S10 Firmware Xcover 4 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-6576 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-11397 MEDIUM This Month

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Rapid4 Net Framework
NVD
CVSS 3.0
6.5
EPSS
5.5%
CVE-2019-0293 MEDIUM This Month

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Sap Solution Manager System
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-0298 MEDIUM This Month

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP E Commerce
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11205 MEDIUM This Month

The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11844 MEDIUM This Month

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sp 4520Dn Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6516 MEDIUM This Month

An issue was discovered in WSO2 Dashboard Server 2.0.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Dashboard Server
NVD
CVSS 3.0
5.8
EPSS
1.6%
CVE-2019-0291 MEDIUM This Month

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Solution Manager
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-10917 MEDIUM This Month

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Wincc Simatic Wincc Tia Portal Simatic Wincc Runtime Professional
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-6577 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-11206 MEDIUM This Month

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-6515 MEDIUM PATCH This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Api Manager
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-6514 MEDIUM PATCH This Month

An issue was discovered in WSO2 Dashboard Server 2.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dashboard Server
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2019-6512 MEDIUM This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Api Manager
NVD
CVSS 3.0
4.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy