Skip to main content
CVE-2019-13488 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trape
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-13240 MEDIUM POC PATCH This Month

An issue was discovered in GLPI before 9.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.0
5.9
EPSS
1.7%
CVE-2019-5444 MEDIUM POC PATCH This Month

Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Serve Here Js
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-13396 MEDIUM POC THREAT This Month

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Flightpath
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
62.6%
CVE-2019-5221 MEDIUM This Month

There is a path traversal vulnerability on Huawei Share. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Mate 20 X Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-12470 MEDIUM PATCH This Month

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-12469 MEDIUM PATCH This Month

MediaWiki through 1.32.1 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-13225 MEDIUM PATCH This Month

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference PHP Denial Of Service Oniguruma Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-0329 MEDIUM This Month

SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Information Steward
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0326 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0321 MEDIUM This Month

ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap Netweaver As Abap
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0281 MEDIUM This Month

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openui5
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13122 MEDIUM This Month

A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Patchwork
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-12471 MEDIUM PATCH This Month

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-12724 MEDIUM PATCH This Month

An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS News
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-11650 MEDIUM This Month

A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Netiq Advanced Authentication
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2019-12804 MEDIUM This Month

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure I Onenet
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-0318 MEDIUM This Month

Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-10966 MEDIUM This Month

In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aestiva 7100 Firmware Aestiva 7900 Firmware Aespire 7100 Firmware Aespire 7900 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-12467 MEDIUM PATCH This Month

MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-5445 MEDIUM This Month

DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Edgeswitch Firmware
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2019-5220 MEDIUM This Month

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mate 20 X Firmware Mate 20 Firmware Honor Magic 2 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2019-0325 MEDIUM This Month

SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass SAP Erp Hcm
NVD
CVSS 3.0
4.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy