Skip to main content
CVE-2019-14786 MEDIUM POC This Month

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Seo
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-14789 MEDIUM POC This Month

The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Custom 404 Pro
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-14790 MEDIUM POC This Month

The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Limb Gallery
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-14518 MEDIUM POC This Month

Evolution CMS 2.0.x allows XSS via a description and new category location in a template. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-14800 MEDIUM POC This Month

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure Fv Flowplayer Video Player
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-15081 MEDIUM POC This Month

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.0%
CVE-2019-14795 MEDIUM POC This Month

The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Toggle The Title
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2019-13515 MEDIUM This Month

OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pi Web Api
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-14784 MEDIUM This Month

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Cp Contact Form With Paypal
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13377 MEDIUM PATCH This Month

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
2.2%
CVE-2019-13223 MEDIUM PATCH This Month

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-13219 MEDIUM PATCH This Month

A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-13218 MEDIUM PATCH This Month

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-10140 MEDIUM This Month

A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-3418 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Zxhn F670 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy