Skip to main content
CVE-2019-16721 MEDIUM POC This Month

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Nonecms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16719 MEDIUM POC This Month

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Wtcms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16713 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16712 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-16711 MEDIUM POC This Month

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16710 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16709 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Backports Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-16708 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16707 MEDIUM POC This Month

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hunspell Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-16703 MEDIUM POC This Month

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16704 MEDIUM POC This Month

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16518 MEDIUM POC This Month

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swell Kit Mod Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10990 MEDIUM This Month

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crimson
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-12407 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10090 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-12404 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10089 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10087 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10755 MEDIUM PATCH This Month

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Apache Pac4J
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2019-15635 MEDIUM This Month

An issue was discovered in Grafana 5.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2019-16723 MEDIUM PATCH This Month

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Cacti
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy