Skip to main content
CVE-2019-1010241 MEDIUM POC This Month

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins Information Disclosure Credentials Binding
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1010113 MEDIUM POC This Month

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cleditor
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13972 MEDIUM POC This Month

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Layerbb
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13971 MEDIUM POC This Month

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13970 MEDIUM POC PATCH This Month

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE PHP Antsword
NVD GitHub
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-13977 MEDIUM POC This Month

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ovidentia
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.5%
CVE-2019-13981 MEDIUM POC This Month

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus 7 Api
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-5680 MEDIUM This Month

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Jetson Tx1 Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-13991 MEDIUM This Month

Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arduino Firmware
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-12453 MEDIUM This Month

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microstrategy Web
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1010247 MEDIUM PATCH This Month

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mod Auth Openidc
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11989 MEDIUM This Month

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service HP Red Hat Microsoft Apache +2
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2019-12820 MEDIUM This Month

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure I3 Firmware
NVD
CVSS 3.0
5.6
EPSS
0.5%
CVE-2019-13648 MEDIUM PATCH This Month

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-13982 MEDIUM PATCH This Month

interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Directus 7
NVD GitHub
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-12821 MEDIUM This Month

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE I3 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2019-1167 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control. Rated medium severity (CVSS 4.1).

Authentication Bypass Microsoft Powershell Core
NVD
CVSS 3.0
4.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy