Skip to main content
CVE-2019-15898 MEDIUM POC This Month

Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-15889 MEDIUM POC PATCH THREAT This Month

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Download Manager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
12.5%
CVE-2019-15860 MEDIUM POC This Month

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-15870 MEDIUM POC This Month

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Carspot
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-15869 MEDIUM POC This Month

The JobCareer theme before 2.5.1 for WordPress has stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Jobcareer
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-5480 MEDIUM POC This Month

A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Statichttpserver
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2019-15871 MEDIUM POC This Month

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Loginpress
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-6181 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-3754 MEDIUM This Month

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Dell Emc Unity Operating Environment Emc Unityvsa Operating Environment +1
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-15864 MEDIUM PATCH This Month

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Breadcrumbs By Menu
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1125 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd Intel Windows 10 +14
NVD Exploit-DB
CVSS 3.1
5.6
EPSS
4.5%
CVE-2019-5478 MEDIUM This Month

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zu11Eg Firmware Zu15Eg Firmware Zu17Eg Firmware Zu19Eg Firmware +37
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-6182 MEDIUM This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2019-6180 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy