Skip to main content
CVE-2019-10263 MEDIUM POC This Month

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloud Backup Suite
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14228 MEDIUM POC This Month

Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Xavier
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2019-13387 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-14275 MEDIUM POC This Month

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Fig2Dev Debian Linux Leap
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-14274 MEDIUM POC This Month

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mcpp Backports Sle Leap
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-1010147 MEDIUM POC This Month

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Remedy Smart Reporting Yellowfin Bi
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-13385 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
2.0%
CVE-2019-14283 MEDIUM PATCH This Month

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.8
EPSS
0.7%
CVE-2019-13955 MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
6.5
EPSS
3.8%
CVE-2019-13954 MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
6.5
EPSS
4.3%
CVE-2019-5605 MEDIUM This Month

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-14284 MEDIUM PATCH This Month

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.7%
CVE-2019-13588 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Wikindx
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6002 MEDIUM This Month

Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Central Dogma
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10976 MEDIUM This Month

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Electric Fr Configurator2 Firmware
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-10974 MEDIUM This Month

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Energyplus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10972 MEDIUM This Month

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Electric Fr Configurator2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-14280 MEDIUM POC This Month

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Craft Cms
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
8.0%
CVE-2019-13057 MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
4.9
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy