Skip to main content
CVE-2019-14982 MEDIUM POC PATCH This Month

In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-14976 MEDIUM POC This Month

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14950 MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-14947 MEDIUM POC This Month

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-14946 MEDIUM POC This Month

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14945 MEDIUM POC This Month

The ultimate-member plugin before 2.0.54 for WordPress has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-14948 MEDIUM POC This Month

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ppom For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-14981 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-14980 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-14940 MEDIUM This Month

In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Storage Performance Development Kit
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-14967 MEDIUM PATCH This Month

An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Frappe
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-14949 MEDIUM This Month

The wp-database-backup plugin before 5.1.2 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Database Backup
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14939 MEDIUM PATCH This Month

An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Node.js Information Disclosure MySQL
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13417 MEDIUM This Month

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Search Guard
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy