Skip to main content
CVE-2019-13399 MEDIUM POC This Month

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Fcm Mb40 Firmware
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-12923 MEDIUM This Month

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailenable
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-12927 MEDIUM This Month

MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailenable
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-12930 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Wikindx
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-13414 MEDIUM PATCH This Month

The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Rencontre
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-2119 MEDIUM This Month

In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2019-2118 MEDIUM This Month

In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2117 MEDIUM This Month

In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2019-2113 MEDIUM This Month

In setup wizard there is a bypass of some checks when wifi connection is skipped. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2019-2104 MEDIUM This Month

In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy