Skip to main content
CVE-2019-13189 MEDIUM POC This Month

In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knowage
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15713 MEDIUM POC This Month

The my-calendar plugin before 3.1.10 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress My Calendar
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2019-15716 MEDIUM POC PATCH This Month

WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Wtf
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-15230 MEDIUM POC This Month

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librenms
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-14694 MEDIUM POC PATCH This Month

A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Antivirus
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2019-10057 MEDIUM This Month

Various Lexmark products have CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +21
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2019-1963 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os Fx Os
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-10391 MEDIUM PATCH This Month

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Ibm Application Security On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-5590 MEDIUM This Month

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortiweb
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-10059 MEDIUM This Month

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +67
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-9935 MEDIUM This Month

Various Lexmark products have Incorrect Access Control (issue 2 of 2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +21
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-9934 MEDIUM This Month

Various Lexmark products have Incorrect Access Control (issue 1 of 2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs31X Firmware Cs41X Firmware Cx310 Firmware Ms310 Firmware +21
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-15714 MEDIUM This Month

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Entropic
NVD GitHub
CVSS 3.0
5.3
EPSS
1.8%
CVE-2019-10383 MEDIUM PATCH This Month

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jenkins Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
4.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy