Skip to main content
CVE-2019-6726 MEDIUM POC This Month

The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Wp Fastest Cache
NVD
CVSS 3.0
6.5
EPSS
4.3%
CVE-2019-1020006 MEDIUM POC PATCH This Month

invenio-app before 1.1.1 allows host header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Invenio App
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1020019 MEDIUM POC PATCH This Month

invenio-previewer before 1.0.0a12 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Invenio Previewer
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1020010 MEDIUM POC This Month

Misskey before 10.102.4 allows hijacking a user's token. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Misskey
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11199 MEDIUM POC This Month

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-13655 MEDIUM This Month

Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imgix
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-1020008 MEDIUM This Month

stacktable.js before 1.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stacktable Js
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1020016 MEDIUM This Month

ASH-AIO before 2.0.0.3 allows an open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ash Aio
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1020014 MEDIUM PATCH This Month

docker-credential-helpers before 0.6.3 has a double free in the List functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Docker Information Disclosure Credential Helpers Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-1020007 MEDIUM This Month

Dependency-Track before 3.5.1 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dependency Track
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-1020005 MEDIUM PATCH This Month

invenio-communities before 1.0.0a20 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Invenio Communities
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1020003 MEDIUM PATCH This Month

invenio-records before 1.2.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Invenio Records
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1105 MEDIUM PATCH This Month

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Google Outlook
NVD
CVSS 3.0
5.4
EPSS
1.8%
CVE-2019-12743 MEDIUM This Month

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Social Network Kit
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-1020017 MEDIUM PATCH This Month

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-1020013 MEDIUM PATCH This Month

parse-server before 3.6.0 allows account enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Parse Server
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-14415 MEDIUM This Month

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Resiliency Platform
NVD
CVSS 3.1
4.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy