Skip to main content
CVE-2019-12562 MEDIUM POC PATCH This Month

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.2%
CVE-2019-16532 MEDIUM POC This Month

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Yzmcms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-10092 MEDIUM POC PATCH THREAT This Month

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Http Server Leap Debian Linux +7
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
81.5%
CVE-2019-16904 MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16738 MEDIUM POC PATCH This Month

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Authentication Bypass Mediawiki Fedora Debian Linux
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-16903 MEDIUM POC This Month

Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Platinum
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-16524 MEDIUM POC This Month

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Fancybox
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-4378 MEDIUM This Month

IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-16914 MEDIUM PATCH This Month

An XSS issue was discovered in pfSense through 2.4.4-p3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pfsense
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-16910 MEDIUM PATCH This Month

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mbed Crypto Mbed Tls Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-14272 MEDIUM PATCH This Month

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Silverstripe
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-15891 MEDIUM This Month

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ckfinder
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-16409 MEDIUM PATCH This Month

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverstripe Versionedfiles
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-13523 MEDIUM This Month

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Hbd3Pr2 Firmware H4D3Prv3 Firmware Hed3Pr3 Firmware +56
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-4262 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-14273 MEDIUM PATCH This Month

In SilverStripe assets 4.0, there is broken access control on files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Silverstripe
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy