Skip to main content
CVE-2019-16097 MEDIUM POC PATCH THREAT This Month

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Harbor
NVD GitHub
CVSS 3.1
6.5
EPSS
23.3%
CVE-2019-16104 MEDIUM POC This Month

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16118 MEDIUM POC PATCH This Month

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Photo Gallery
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-16117 MEDIUM POC PATCH This Month

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Photo Gallery
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.6%
CVE-2019-16109 MEDIUM PATCH This Month

An issue was discovered in Plataformatec Devise before 4.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Devise
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-16101 MEDIUM This Month

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-16105 MEDIUM This Month

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
4.9
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy