Skip to main content
CVE-2019-12476 MEDIUM POC This Month

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.0
6.8
EPSS
1.5%
CVE-2019-12789 MEDIUM POC This Month

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure T2200H Firmware
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2019-11408 MEDIUM POC PATCH This Month

XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection RCE PHP Fusionpbx
NVD GitHub
CVSS 3.0
6.1
EPSS
6.9%
CVE-2019-12865 MEDIUM POC This Month

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-4173 MEDIUM PATCH This Month

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-12801 MEDIUM POC This Month

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Seeddms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-6323 MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-10997 MEDIUM This Month

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Axc F 2152 Firmware Axc F 2152 Starterkit Firmware
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-4136 MEDIUM PATCH This Month

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Controller
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5017 MEDIUM This Month

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8000 Firmware Netusb Ko
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-12497 MEDIUM This Month

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2019-4176 MEDIUM PATCH This Month

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Cognos Controller
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-6324 MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-12248 MEDIUM This Month

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy