Skip to main content
CVE-2019-3574 HIGH POC This Week

In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-3572 MEDIUM POC This Month

An issue was discovered in libming 0.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-3577 CRITICAL Act Now

An issue was discovered in Waimai Super Cms 20150505. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-3576 CRITICAL Act Now

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Information Disclosure Inxedu
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-3573 MEDIUM POC This Month

In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-3501 MEDIUM POC This Month

The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ougc Awards
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.4%
CVE-2019-3500 HIGH PATCH This Week

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Aria2 Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy