Skip to main content
CVE-2019-18665 HIGH POC THREAT This Week

The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Domos
NVD
CVSS 3.1
7.5
EPSS
14.9%
CVE-2019-18661 HIGH POC This Week

Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fastgate Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-18662 CRITICAL PATCH Act Now

An issue was discovered in YouPHPTube through 7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Information Disclosure PHP Youphptube
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-18664 MEDIUM POC This Month

The Log module in SECUDOS DOMOS before 5.6 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Domos
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-14360 MEDIUM POC This Month

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2019-18673 MEDIUM POC This Month

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitbox02
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-14358 MEDIUM POC This Month

On Archos Safe-T devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Safe T
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-18668 MEDIUM This Month

An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Currency Switcher For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-18667 MEDIUM PATCH This Month

/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pfsense Pkg Freeradius3
NVD GitHub
CVSS 3.1
6.1
EPSS
4.0%
CVE-2019-18659 MEDIUM This Month

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google Wireless Emergency Alerts
NVD
CVSS 3.1
5.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy