Skip to main content
CVE-2019-15689 MEDIUM POC This Month

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Information Disclosure Kaspersky Internet Security Secure Connection +2
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2019-19516 MEDIUM POC This Month

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wrn 150 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.6%
CVE-2019-19362 MEDIUM POC This Month

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Teamviewer
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-19491 MEDIUM POC This Month

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Testlink
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-19489 MEDIUM POC This Month

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Smplayer
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-19496 MEDIUM POC This Month

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alfresco
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-19493 MEDIUM POC PATCH This Month

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Xperience
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.0%
CVE-2019-19507 MEDIUM POC PATCH This Month

In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor':. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Json Pattern Validator
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-19118 MEDIUM PATCH This Month

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-12390 MEDIUM This Month

Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anviz Firmware
NVD
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy