Skip to main content
CVE-2019-13504 MEDIUM POC This Month

There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Exiv2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2019-13564 MEDIUM POC This Month

XSS exists in Ping Identity Agentless Integration Kit before 1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Agentless Integration Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-13562 MEDIUM POC This Month

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 655 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2019-12597 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12596 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12595 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12540 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
CVSS 3.0
6.1
EPSS
2.3%
CVE-2019-12539 MEDIUM POC This Month

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-12537 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-13505 MEDIUM POC This Month

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-1010003 MEDIUM POC This Month

Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Leanote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-1010319 MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010317 MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010315 MEDIUM POC PATCH This Month

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-10349 MEDIUM POC PATCH This Month

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenkins Dependency Graph Viewer
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.9%
CVE-2019-13029 MEDIUM POC This Month

Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.5%
CVE-2019-0046 MEDIUM PATCH This Month

A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-10341 MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-10933 MEDIUM This Month

A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spectrum Power 3 Spectrum Power 4 Spectrum Power 5 Spectrum Power 7
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1010314 MEDIUM PATCH This Month

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitea
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13506 MEDIUM PATCH This Month

@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nuxt Devalue Nuxt Js
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-10346 MEDIUM PATCH This Month

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Embeddable Build Status
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-12529 MEDIUM PATCH This Month

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Squid Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
8.1%
CVE-2019-0048 MEDIUM PATCH This Month

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.8
EPSS
1.0%
CVE-2019-3415 MEDIUM This Month

ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Path Traversal Zxmw Nr8000 Firmware
NVD
CVSS 3.0
5.7
EPSS
0.9%
CVE-2019-10194 MEDIUM This Month

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ovirt Virtualization Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-3889 MEDIUM This Month

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openshift Container Platform
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-5528 MEDIUM PATCH This Month

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service VMware ESXi
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-4131 MEDIUM PATCH This Month

IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Cloud Application Performance Management
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-4118 MEDIUM PATCH This Month

IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Multicloud Manager
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-4263 MEDIUM This Month

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Content Navigator
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-11268 MEDIUM This Month

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-10342 MEDIUM PATCH This Month

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy