Skip to main content
CVE-2019-11013 MEDIUM POC THREAT This Month

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nimble Streamer
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
24.0%
CVE-2019-9155 MEDIUM POC PATCH This Month

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Openpgpjs
NVD GitHub
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-12386 MEDIUM POC This Month

An issue was discovered in Ampache through 3.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ampache
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-15317 MEDIUM POC This Month

The give plugin before 2.4.7 for WordPress has XSS via a donor name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Givewp
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-15314 MEDIUM POC This Month

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-15328 MEDIUM This Month

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Import Users From Csv With Meta
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15327 MEDIUM This Month

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Import Users From Csv With Meta
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15331 MEDIUM This Month

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Support Plus Responsive Ticket System
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-5633 MEDIUM This Month

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Hickory Smart
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-5632 MEDIUM This Month

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Hickory Smart
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-14469 MEDIUM This Month

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexus Repository Manager
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-5634 MEDIUM This Month

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Hickory Smart
NVD
CVSS 3.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy