Skip to main content
CVE-2019-15584 MEDIUM POC This Month

A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-19916 MEDIUM POC This Month

In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Midori
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-19908 MEDIUM POC THREAT This Month

phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpmychat Plus
NVD
CVSS 3.1
6.1
EPSS
21.2%
CVE-2019-18263 MEDIUM This Month

An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Veradius Unity Firmware Pulsera Firmware Endura Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-19789 MEDIUM This Month

3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Plcwinnt Runtime Toolkit Sp Realtime Nt
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-4744 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-4742 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19692 MEDIUM This Month

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Apex One
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-4555 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-19691 MEDIUM This Month

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-4743 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-4736 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Financial Transaction Manager For Multiplatform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2019-4231 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy