Skip to main content
CVE-2019-20007 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.2 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-20005 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-19984 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Email Subscribers Newsletters
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2019-19540 MEDIUM POC This Month

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Listingpro
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-20000 MEDIUM POC This Month

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Premium Protection
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-20008 MEDIUM POC PATCH This Month

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archery
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-19389 MEDIUM POC PATCH This Month

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ktor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-19542 MEDIUM POC This Month

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Listingpro
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19541 MEDIUM POC This Month

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Listingpro
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19981 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Email Subscribers Newsletters
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-19985 MEDIUM POC THREAT This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Information Disclosure Email Subscribers Newsletters
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
71.4%
CVE-2019-19982 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Email Subscribers Newsletters
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-19983 MEDIUM POC This Month

In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Minify
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-19980 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Email Subscribers Newsletters
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-6013 MEDIUM This Month

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dba 1510P Firmware
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2019-6024 MEDIUM This Month

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Apple Rakuma
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-6022 MEDIUM This Month

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Office
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-6035 MEDIUM PATCH This Month

Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Athenz
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6034 MEDIUM This Month

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-6033 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6031 MEDIUM This Month

Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Kinza
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6029 MEDIUM This Month

Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Custom Body Class
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-6025 MEDIUM This Month

Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-6021 MEDIUM This Month

Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Limedio
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-6020 MEDIUM This Month

Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Powercms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-6018 MEDIUM This Month

Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netcommons
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6016 MEDIUM This Month

Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Payment Module
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6011 MEDIUM This Month

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wpdatatables Lite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16781 MEDIUM This Month

In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2019-16780 MEDIUM PATCH This Month

WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2019-6017 MEDIUM This Month

REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Payment Module
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-5272 MEDIUM This Month

USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Usg9500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2019-6023 MEDIUM This Month

Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy