Skip to main content
CVE-2019-6719 HIGH POC This Week

An issue has been found in libIEC61850 v1.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libiec61850
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-6706 HIGH POC PATCH THREAT This Week

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Lua Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
17.2%
CVE-2019-6708 HIGH POC This Week

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpshe
NVD GitHub
CVSS 3.0
7.2
EPSS
1.0%
CVE-2019-6707 HIGH POC This Week

PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpshe
NVD GitHub
CVSS 3.0
7.2
EPSS
1.0%
CVE-2019-6691 HIGH POC This Week

phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpwind
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2019-1642 MEDIUM POC This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.9%
CVE-2019-6713 CRITICAL Act Now

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Thinkcmf
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1641 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Meetings Online +1
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-1640 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Meetings Online +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-1639 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Meetings Online +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-1638 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Meetings Online +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-1637 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Cisco Webex Meetings Online +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-1636 HIGH This Week

A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Cisco Webex Teams
NVD
CVSS 3.0
7.8
EPSS
46.9%
CVE-2019-1644 HIGH This Week

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-3587 MEDIUM This Month

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Total Protection
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-1643 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-3584 MEDIUM This Month

Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mvision Endpoint
NVD
CVSS 3.0
6.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy