Skip to main content
CVE-2019-14679 MEDIUM POC This Month

core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Arprice Lite
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-14774 MEDIUM POC This Month

The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woo Variation Swatches
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-14772 MEDIUM POC PATCH This Month

verdaccio before 3.12.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Verdaccio
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-14683 MEDIUM POC This Month

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Import Users From Csv With Meta
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2019-14680 MEDIUM POC This Month

The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Admin Renamer Extended
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-14221 MEDIUM POC This Month

1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 1Crm On Premise
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-14682 MEDIUM POC This Month

The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Better Search Project
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-14353 MEDIUM POC This Month

On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure One Firmware
NVD
CVSS 3.0
4.2
EPSS
0.4%
CVE-2019-1972 MEDIUM This Month

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-1952 MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-1953 MEDIUM This Month

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1946 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-5236 MEDIUM This Month

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emily L29C Firmware
NVD
CVSS 3.0
6.3
EPSS
0.6%
CVE-2019-12397 MEDIUM PATCH This Month

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ranger
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2019-1954 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings Server
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-14770 MEDIUM This Month

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backdrop Core
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14769 MEDIUM This Month

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1951 MEDIUM This Month

A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan Firmware
NVD
CVSS 3.1
5.8
EPSS
1.5%
CVE-2019-14783 MEDIUM This Month

On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5239 MEDIUM This Month

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Pcmanager China Pcmanager Oversea
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2019-14335 MEDIUM This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-1961 MEDIUM This Month

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2019-1973 MEDIUM This Month

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1956 MEDIUM This Month

A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Spa112 2 Port Phone Adapter Firmware
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1949 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1960 MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-1959 MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy