Skip to main content
CVE-2019-16332 MEDIUM POC This Month

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Api Bearer Auth
NVD
CVSS 3.1
6.1
EPSS
5.7%
CVE-2019-16321 MEDIUM POC This Month

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scadabr
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16335 CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Fedora Debian Linux Oncommand Api Services +13
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-14540 CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Oncommand Api Services Oncommand Workflow Automation Steelstore Cloud Integrated Storage +15
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2019-16333 MEDIUM POC This Month

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16334 MEDIUM POC This Month

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16319 HIGH This Week

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-16320 MEDIUM This Month

Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sea Tel Coastal 18 Firmware Sailor 600 Vsat Ku Firmware Sailor 800 Vsat Firmware Sailor 900 Vsat Firmware +7
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy