Skip to main content
CVE-2019-18664 MEDIUM POC This Month

The Log module in SECUDOS DOMOS before 5.6 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Domos
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-14360 MEDIUM POC This Month

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2019-18673 MEDIUM POC This Month

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitbox02
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-14358 MEDIUM POC This Month

On Archos Safe-T devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Safe T
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-18668 MEDIUM This Month

An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Currency Switcher For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-18667 MEDIUM PATCH This Month

/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pfsense Pkg Freeradius3
NVD GitHub
CVSS 3.1
6.1
EPSS
4.0%
CVE-2019-18659 MEDIUM This Month

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google Wireless Emergency Alerts
NVD
CVSS 3.1
5.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy