Skip to main content
CVE-2019-11721 MEDIUM POC This Month

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-1010202 MEDIUM POC This Month

Jeesite 1.2.7 is affected by: XML External Entity (XXE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Java Information Disclosure Jeesite
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-11724 MEDIUM POC This Month

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mozilla Firefox Leap
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-1010162 MEDIUM POC This Month

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jsish
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-1010124 MEDIUM POC This Month

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woocommerce Product Feed
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2019-11717 MEDIUM POC This Month

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Debian Linux +2
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-11695 MEDIUM POC This Month

A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-2861 MEDIUM POC PATCH This Month

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available.

XXE Oracle Hyperion Planning
NVD Exploit-DB
CVSS 3.0
4.2
EPSS
4.3%
CVE-2019-2862 MEDIUM PATCH This Month

Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Graalvm
NVD
CVSS 3.0
6.8
EPSS
1.1%
CVE-2019-2749 MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Java Denial Of Service Oracle Database Server
NVD
CVSS 3.0
6.8
EPSS
1.1%
CVE-2019-1010221 MEDIUM PATCH This Month

LineageOS 16.0 and earlier is affected by: Incorrect Access Control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Lineageos
NVD GitHub
CVSS 3.0
6.8
EPSS
0.4%
CVE-2019-2863 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-2848 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-2834 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-2825 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Applications Manager
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-2812 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-2805 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Ubuntu Linux +8
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2019-2795 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2781 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: XML Interface). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Hospitality Suite8
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-2746 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Data Dictionary). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-2740 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux MariaDB +8
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2019-2599 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pagelet Wizard). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-1010201 MEDIUM This Month

Jeesite 1.2.7 is affected by: SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure Jeesite
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-11730 MEDIUM This Month

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Firefox Firefox Esr +4
NVD
CVSS 3.1
6.5
EPSS
20.3%
CVE-2019-11725 MEDIUM This Month

When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Leap
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-11702 MEDIUM This Month

A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Mozilla Firefox
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-11700 MEDIUM This Month

A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Mozilla Firefox
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-11699 MEDIUM This Month

A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-11697 MEDIUM This Month

If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-2831 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise FIN Project Costing component of Oracle PeopleSoft Products (subcomponent: Projects). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Peoplesoft Enterprise Fin Project Costing
NVD
CVSS 3.0
6.4
EPSS
1.0%
CVE-2019-2788 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Open Fabrics Tools). Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

Denial Of Service Oracle Solaris
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2019-2878 MEDIUM PATCH This Month

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-2777 MEDIUM PATCH This Month

Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Search). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Core Server Framework
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-2772 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-2744 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Flexcube Universal Banking
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-2736 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Flexcube Investor Servicing
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1010199 MEDIUM PATCH This Month

ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Servicestack
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11720 MEDIUM This Month

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Leap
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11715 MEDIUM This Month

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-11701 MEDIUM This Month

The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-1010207 MEDIUM This Month

Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pie Register
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-2751 MEDIUM PATCH This Month

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Http Server
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2019-9816 MEDIUM POC This Month

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Mozilla Memory Corruption Firefox Firefox Esr +1
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
6.2%
CVE-2019-1010206 MEDIUM This Month

OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apache Http Request
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-2783 MEDIUM PATCH This Month

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Payments
NVD
CVSS 3.0
5.8
EPSS
1.3%
CVE-2019-2773 MEDIUM PATCH This Month

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Payments
NVD
CVSS 3.0
5.8
EPSS
1.3%
CVE-2019-2847 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Investor Servicing
NVD
CVSS 3.0
5.7
EPSS
1.2%
CVE-2019-2840 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Universal Banking
NVD
CVSS 3.0
5.7
EPSS
1.2%
CVE-2019-2860 MEDIUM PATCH This Month

Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Clusterware
NVD
CVSS 3.0
5.6
EPSS
1.0%
CVE-2019-2877 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy