Skip to main content
CVE-2019-11559 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hrworks
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-16394 MEDIUM POC PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Spip Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
7.5%
CVE-2019-16391 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-6838 MEDIUM This Month

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6833 MEDIUM This Month

A CWE-754 - Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hmigto Firmware Hmisto Firmware Xbtgh Firmware Hmigtu Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-4477 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-13542 MEDIUM This Month

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 +7
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-16393 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

PHP Open Redirect Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-16392 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-4086 MEDIUM PATCH This Month

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Application Performance Management
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-6830 MEDIUM This Month

A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Modicon M580 Firmware
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2019-12755 MEDIUM This Month

Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Norton Password Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-6835 MEDIUM This Month

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-4342 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4270 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4268 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-9681 MEDIUM PATCH This Month

Online upgrade information in some firmware packages of Dahua products is not encrypted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dahua Information Disclosure Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-14826 MEDIUM This Month

A flaw was found in FreeIPA versions 4.5.0 and later. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freeipa Enterprise Linux
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-4442 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Websphere Application Server
NVD
CVSS 3.1
4.3
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy