Skip to main content
CVE-2019-18212 MEDIUM POC PATCH This Month

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Red Hat Xml Server Project Wild Web Developer +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-18384 MEDIUM POC This Month

An issue was discovered on TerraMaster FS-210 4.0.19 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fs 210 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-9597 MEDIUM POC This Month

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enterprise Immune System
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-9596 MEDIUM POC This Month

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Enterprise Immune System
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-18350 MEDIUM POC This Month

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ant Design Pro
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10475 MEDIUM POC THREAT This Month

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Build Metrics
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
57.7%
CVE-2019-18359 MEDIUM POC This Month

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Mp3Gain
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-6144 MEDIUM PATCH This Month

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass One Endpoint
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-3982 MEDIUM This Month

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Nessus
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-10472 MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10470 MEDIUM This Month

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Kubernetes Kubernetes Ci
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10469 MEDIUM This Month

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Kubernetes Kubernetes Ci
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10467 MEDIUM PATCH This Month

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sonar Gerrit
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10463 MEDIUM PATCH This Month

A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Dynatrace Application Monitoring
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10459 MEDIUM PATCH This Month

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Jenkins Information Disclosure Mattermost Notification
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-14276 MEDIUM PATCH This Month

WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Xnat
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-18357 MEDIUM This Month

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-18356 MEDIUM This Month

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-18348 MEDIUM This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2019-17606 MEDIUM PATCH This Month

The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Hexo Admin
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-16977 MEDIUM PATCH This Month

In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-16975 MEDIUM PATCH This Month

In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-16976 MEDIUM PATCH This Month

In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fusionpbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18219 MEDIUM This Month

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Sitemagic
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-12415 MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-11282 MEDIUM This Month

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment Cloud Foundry Uaa
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-18281 MEDIUM PATCH This Month

An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qtbase Debian Linux
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-10474 MEDIUM This Month

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Global Post Script
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10473 MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10465 MEDIUM This Month

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Oracle Deploy Weblogic
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy