Skip to main content
CVE-2019-15258 MEDIUM POC This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-17627 MEDIUM POC This Month

The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yale Bluetooth Key
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-17611 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17610 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17609 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17608 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17607 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17660 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-16521 MEDIUM POC This Month

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Broken Link Checker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-13392 MEDIUM POC This Month

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Natemail
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2019-17578 MEDIUM POC This Month

An issue was discovered in Dolibarr 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-17577 MEDIUM POC This Month

An issue was discovered in Dolibarr 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-17576 MEDIUM POC This Month

An issue was discovered in Dolibarr 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-16523 MEDIUM POC This Month

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Events Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2019-16520 MEDIUM POC PATCH This Month

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress All In One Seo Pack
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2019-16522 MEDIUM POC This Month

The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Eu Cookie Law
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-17630 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-17629 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-2989 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Graalvm Jdk +10
NVD
CVSS 3.1
6.8
EPSS
3.2%
CVE-2019-2976 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2019-2949 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +13
NVD
CVSS 3.1
6.8
EPSS
3.6%
CVE-2019-2936 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2019-2909 MEDIUM PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Database Server
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2019-15277 MEDIUM This Month

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Telepresence Collaboration Endpoint
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-15275 MEDIUM This Month

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Telepresence Collaboration Endpoint
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-15274 MEDIUM This Month

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Telepresence Collaboration Endpoint
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-15265 MEDIUM This Month

A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet 1540 Firmware Aironet 1560 Firmware Aironet 1800 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-15264 MEDIUM This Month

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet 1540 Firmware Aironet 1560 Firmware Aironet 1850 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-15257 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-12708 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-12704 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-6474 MEDIUM This Month

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kea
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-6473 MEDIUM This Month

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kea
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6472 MEDIUM This Month

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kea
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-3026 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-3021 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-3011 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-3004 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2980 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: eMail). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Direct Banking
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-2974 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Ubuntu Linux +2
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2019-2967 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2966 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2946 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2943 MEDIUM PATCH This Month

Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Data Integrator
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-2914 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-10444 MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure Bumblebee Hp Alm
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10438 MEDIUM PATCH This Month

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Crx Content Package Deployer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10436 MEDIUM PATCH This Month

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure Google Oauth Credentials
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-2927 MEDIUM PATCH This Month

Vulnerability in the Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable.

Information Disclosure Oracle Hyperion Data Relationship Management
NVD
CVSS 3.1
6.4
EPSS
1.1%
CVE-2019-2897 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Business Intelligence Enterprise Manager Base Platform Mysql Server
NVD
CVSS 3.1
6.4
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy