Skip to main content
CVE-2019-13617 MEDIUM POC This Month

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-12834 MEDIUM POC This Month

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Learning Locker
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1010290 MEDIUM POC This Month

Babel: Multilingual site Babel All is affected by: Open Redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Bable
NVD
CVSS 3.0
6.1
EPSS
4.1%
CVE-2019-13603 MEDIUM POC This Month

An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Digital Persona U Are U 4500 Driver Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2019-13615 MEDIUM POC This Month

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player
NVD GitHub
CVSS 3.0
5.5
EPSS
2.5%
CVE-2019-13383 MEDIUM POC THREAT This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
14.2%
CVE-2019-1010018 MEDIUM PATCH This Month

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Java Zammad
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3571 MEDIUM This Month

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whatsapp
NVD
CVSS 3.0
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy