Skip to main content
CVE-2019-15955 MEDIUM POC This Month

An issue was discovered in Total.js CMS 12.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Total Js Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-5070 MEDIUM POC This Month

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Efront Lms
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10677 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Znid Gpon 2426A Eu Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
7.3%
CVE-2019-15939 MEDIUM POC PATCH This Month

An issue was discovered in OpenCV 4.1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Opencv Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.4%
CVE-2019-14339 MEDIUM POC This Month

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Print
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.4%
CVE-2019-5065 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Blynk Library
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-13349 MEDIUM POC This Month

In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Knowage
NVD
CVSS 3.0
4.9
EPSS
1.3%
CVE-2019-13361 MEDIUM This Month

Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass W100 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-15946 MEDIUM PATCH This Month

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2019-15945 MEDIUM PATCH This Month

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2019-15848 MEDIUM PATCH This Month

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Teamcity
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-4186 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-12644 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-10753 MEDIUM PATCH This Month

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Eclipse Cdt Eclipse Groovy Eclipse Wtp
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2019-2180 MEDIUM This Month

In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2179 MEDIUM This Month

In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-2124 MEDIUM PATCH This Month

In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Java Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2019-2103 MEDIUM PATCH This Month

In Google Assistant in Android 9, there is a possible permissions bypass that allows the Assistant to take a screenshot of apps with FLAG_SECURE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-4149 MEDIUM This Month

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-15944 MEDIUM This Month

In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Counter Strike
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-14278 MEDIUM This Month

In Knowage through 6.1.1, an unauthenticated user can enumerated valid usernames via the ChangePwdServlet page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Knowage
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-13190 MEDIUM This Month

In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Knowage
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-12635 MEDIUM This Month

A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Content Security Management Appliance
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy