Skip to main content
CVE-2019-12251 HIGH POC This Week

sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ucms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-12269 HIGH POC This Week

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12253 MEDIUM POC This Month

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Little Forum
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-12189 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
5.9%
CVE-2019-12250 MEDIUM POC This Month

IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Identityserver4
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12190 MEDIUM POC This Month

XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD GitHub
CVSS 3.0
5.4
EPSS
5.3%
CVE-2019-12270 HIGH This Week

OpenText Brava!. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Microsoft Information Disclosure Brava
NVD
CVSS 3.0
7.4
EPSS
1.5%
CVE-2019-12252 MEDIUM POC This Month

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.4%
CVE-2019-6513 MEDIUM This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Api Manager
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2019-10320 MEDIUM PATCH This Month

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Credentials
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-10319 MEDIUM This Month

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pluggable Authentication Module
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy