Skip to main content
CVE-2019-6259 CRITICAL POC Act Now

An issue was discovered in idreamsoft iCMS V7.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-6256 CRITICAL POC Act Now

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Live555 Media Server Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-6251 HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure Epiphany Webkitgtk +4
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2019-6286 MEDIUM POC This Month

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2019-6285 MEDIUM POC This Month

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-6284 MEDIUM POC This Month

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-6283 MEDIUM POC This Month

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-6278 MEDIUM POC This Month

XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jpress
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-6257 HIGH PATCH This Week

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

PHP SSRF Elfinder
NVD GitHub
CVSS 3.1
7.7
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy