Skip to main content
CVE-2019-11216 MEDIUM POC This Month

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE File Upload Remedy Smart Reporting
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-19229 MEDIUM POC This Month

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datamanager Box 2 0 Firmware Eco 25 0 3 S Firmware Eco 27 0 3 S Firmware Galvo 1 5 1 Firmware +62
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-19133 MEDIUM POC This Month

The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Csshero
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2019-19555 MEDIUM POC This Month

read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xfig
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-17554 MEDIUM POC PATCH THREAT This Month

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Deserialization Olingo
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
12.2%
CVE-2019-18347 MEDIUM POC This Month

A stored XSS issue was discovered in DAViCal through 1.1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Davical
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-19579 MEDIUM This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xen Fedora
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-7197 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Qts
NVD
CVSS 3.1
4.8
EPSS
1.2%
CVE-2019-16752 MEDIUM This Month

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dash Core Decentralized Anonymous Payment System Private Instant Verified Transactions
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy