Skip to main content
CVE-2019-10253 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teammate
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-6995 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6786 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-6785 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-11549 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16164 MEDIUM POC This Month

MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Myhtml
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16133 MEDIUM POC This Month

An issue was discovered in eteams OA v4.0.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eteams Oa
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-16132 MEDIUM POC This Month

An issue was discovered in OKLite v1.2.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Oklite
NVD
CVSS 3.1
6.5
EPSS
6.1%
CVE-2019-6784 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11547 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10670 MEDIUM POC This Month

An issue was discovered in LibreNMS through 1.47. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Librenms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16130 MEDIUM POC PATCH This Month

YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yii Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16126 MEDIUM POC PATCH This Month

Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grav Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-16167 MEDIUM POC This Month

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sysstat Fedora Leap +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-6795 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-16173 MEDIUM POC PATCH This Month

LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.7%
CVE-2019-16172 MEDIUM POC PATCH This Month

LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
4.6%
CVE-2019-11548 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5471 MEDIUM POC This Month

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-5467 MEDIUM POC This Month

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-6792 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-11546 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-5463 MEDIUM POC This Month

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-5483 MEDIUM POC PATCH This Month

Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seneca
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-10667 MEDIUM POC PATCH This Month

An issue was discovered in LibreNMS through 1.47. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Librenms
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-6997 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-6794 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-6789 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-11545 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-11544 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-16168 MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager E Series Santricity Os Controller Oncommand Insight +16
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6791 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-15297 MEDIUM PATCH This Month

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Asterisk
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2019-16166 MEDIUM This Month

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cflow
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16165 MEDIUM This Month

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Cflow
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16182 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-16147 MEDIUM PATCH This Month

Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16145 MEDIUM PATCH This Month

The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Padrino Contrib
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16148 MEDIUM PATCH This Month

Sakai through 12.6 allows XSS via a chat user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sakai
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16178 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Limesurvey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16180 MEDIUM PATCH This Month

Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Limesurvey
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-16179 MEDIUM PATCH This Month

Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Limesurvey
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-16176 MEDIUM PATCH This Month

A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Limesurvey
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-16146 MEDIUM PATCH This Month

Gophish through 0.8.0 allows XSS via a username. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gophish
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16175 MEDIUM PATCH This Month

A clickjacking vulnerability was found in Limesurvey before 3.17.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Limesurvey
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-6996 MEDIUM This Month

An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy