Skip to main content
CVE-2019-1653 HIGH POC KEV THREAT Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Rv320 Firmware Rv325 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
99.9%
CVE-2019-1652 HIGH POC KEV THREAT Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Rv320 Firmware Rv325 Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
95.9%
CVE-2019-6779 HIGH POC This Week

Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Cscms
NVD GitHub
CVSS 3.0
8.1
EPSS
0.5%
CVE-2019-6780 MEDIUM POC PATCH This Month

The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress PHP Open Redirect Wise Chat
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.9%
CVE-2019-6777 MEDIUM POC PATCH This Month

An issue was discovered in ZoneMinder v1.32.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1651 HIGH This Week

A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco RCE Vsmart Controller
NVD
CVSS 3.0
8.8
EPSS
4.9%
CVE-2019-1650 HIGH This Week

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Vedge 100 Firmware Vedge 1000 Firmware Vedge 2000 Firmware +5
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2019-1669 HIGH This Week

A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.0
8.6
EPSS
1.2%
CVE-2019-6486 HIGH PATCH This Week

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go Debian Linux Leap
NVD GitHub
CVSS 3.0
8.2
EPSS
4.3%
CVE-2019-1647 HIGH This Week

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan Vsmart Controller
NVD
CVSS 3.0
8.0
EPSS
0.8%
CVE-2019-1648 HIGH This Week

A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Vedge 100 Firmware Vedge 1000 Firmware Vedge 2000 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1646 HIGH This Week

A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Vedge 100 Firmware Vedge 1000 Firmware Vedge 2000 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1658 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Intelligence Center
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2019-1668 MEDIUM This Month

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Socialminer
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-1655 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1656 MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Nfv Infrastructure Software
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2019-1657 MEDIUM This Month

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Information Disclosure Amp Threat Grid Appliance Amp Threat Grid Cloud
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-1645 MEDIUM This Month

A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Connected Mobile Experiences
NVD
CVSS 3.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy