Skip to main content
CVE-2019-16414 MEDIUM POC This Month

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kerio Control
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-16684 MEDIUM POC PATCH This Month

An issue was discovered in the image-manager in Xoops 2.5.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xoops
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-16683 MEDIUM POC PATCH This Month

An issue was discovered in the image-manager in Xoops 2.5.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xoops
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-17045 MEDIUM POC This Month

Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilch Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16994 MEDIUM POC PATCH This Month

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Linux Kernel Leap Enterprise Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-4304 MEDIUM This Month

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation IBM Websphere Application Server
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2019-15810 MEDIUM PATCH This Month

Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Netdisco
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4109 MEDIUM This Month

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Websphere Extreme Scale
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-14752 MEDIUM This Month

SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-13467 MEDIUM PATCH This Month

Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Ssd Dashboard
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-4115 MEDIUM This Month

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Websphere Extreme Scale
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4423 MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Sterling File Gateway
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-4305 MEDIUM This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-4280 MEDIUM This Month

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling File Gateway
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-3733 MEDIUM This Month

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Crypto C Micro Edition Rsa Bsafe Crypto C
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2019-4106 MEDIUM This Month

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Websphere Extreme Scale
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy