Skip to main content
CVE-2019-9149 MEDIUM POC This Month

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Mailvelope
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-13454 MEDIUM POC PATCH This Month

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
4.4%
CVE-2019-13450 MEDIUM POC This Month

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Ringcentral Zoom
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2019-13449 MEDIUM POC This Month

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Zoom
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-13472 MEDIUM POC This Month

PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpwind
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8920 MEDIUM POC This Month

iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xampp
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13070 MEDIUM POC This Month

A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Powerpanel
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13146 MEDIUM POC PATCH This Month

The field_test gem 0.3.0 for Ruby has unvalidated input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Field Test
NVD GitHub
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-9148 MEDIUM POC This Month

Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mailvelope
NVD GitHub
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-13380 MEDIUM This Month

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hashicorp Team Password Manager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13397 MEDIUM This Month

Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Osticket
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-12748 MEDIUM PATCH This Month

TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Typo3
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-13142 MEDIUM This Month

The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Surround
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-9150 MEDIUM This Month

Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mailvelope
NVD GitHub
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-9147 MEDIUM This Month

Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailvelope
NVD GitHub
CVSS 3.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy