Skip to main content
CVE-2019-11517 MEDIUM POC This Month

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Wampserver
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2019-12387 MEDIUM POC PATCH This Month

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Twisted Fedora Ubuntu Linux Zfs Storage Appliance Kit +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-10226 MEDIUM POC This Month

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fat Free Crm
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
4.7%
CVE-2019-9881 MEDIUM POC THREAT This Month

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpgraphql
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
18.8%
CVE-2019-11881 MEDIUM POC This Month

A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rancher
NVD GitHub
CVSS 3.0
4.7
EPSS
2.3%
CVE-2019-11877 MEDIUM This Month

XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lv Wr09 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-5243 MEDIUM This Month

There is a Clickjacking vulnerability in Huawei HG255s product. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Hg255S Firmware
NVD
CVSS 3.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy