Skip to main content
CVE-2019-10045 MEDIUM POC This Month

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Pydio
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-12500 MEDIUM POC This Month

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass M365 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-12495 MEDIUM POC PATCH This Month

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tinycc
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-10047 MEDIUM POC This Month

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pydio
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-10046 MEDIUM POC This Month

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pydio
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-10323 MEDIUM POC This Month

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jenkins Artifactory
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2019-10322 MEDIUM POC This Month

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jenkins Artifactory
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-10324 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Artifactory
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-12507 MEDIUM PATCH This Month

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Phprelativepath
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-10325 MEDIUM PATCH This Month

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Warnings Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-10326 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Warnings Next Generation
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-10321 MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Artifactory
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy