Skip to main content
CVE-2019-15759 MEDIUM POC PATCH This Month

An issue was discovered in Binaryen 1.38.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-15758 MEDIUM POC PATCH This Month

An issue was discovered in Binaryen 1.38.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-15757 MEDIUM POC PATCH This Month

libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libmirage
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-15811 MEDIUM POC This Month

In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.4%
CVE-2019-15771 MEDIUM POC This Month

The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Components For Wp Bakery Page Builder
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-15776 MEDIUM POC This Month

The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Simple 301 Redirects Addon Bulk Uploader
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-15775 MEDIUM POC This Month

The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Learning Courses
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-15774 MEDIUM POC This Month

The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Booking
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-15773 MEDIUM POC This Month

The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Travel Management
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-15772 MEDIUM POC This Month

The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Donations
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13407 MEDIUM POC This Month

A XSS found in Advan VD-1 firmware versions up to 230. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vd 1 Firmware Gv Vr360 Firmware Gv Vd8700 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-15777 MEDIUM POC This Month

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Dsgvo Tools
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14979 MEDIUM POC This Month

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Paypal Checkout Payment Gateway
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-14978 MEDIUM POC This Month

/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Payu India Payment Gateway
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-11250 MEDIUM PATCH This Month

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-11249 MEDIUM PATCH This Month

The kubectl cp command allows copying files between containers and the user machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
3.7%
CVE-2019-11246 MEDIUM PATCH This Month

The kubectl cp command allows copying files between containers and the user machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes
NVD GitHub
CVSS 3.1
6.5
EPSS
3.6%
CVE-2019-10724 MEDIUM This Month

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Legion Y520T Z370 Firmware Aio310 20Iap Firmware Aio510 22Ish Firmware Aio510 23Ish Firmware +104
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-4536 MEDIUM PATCH This Month

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect. Rated medium severity (CVSS 6.3). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2019-15782 MEDIUM PATCH This Month

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webtorrent
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-14534 MEDIUM PATCH This Month

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Vlc Media Player Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2019-15778 MEDIUM This Month

The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Additional Variation Images For Woocommerce
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-4133 MEDIUM This Month

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Automation Manager
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2019-15807 MEDIUM PATCH This Month

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Debian Linux Enterprise Linux
NVD
CVSS 3.1
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy