Skip to main content
CVE-2019-6805 CRITICAL POC Act Now

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-6956 HIGH POC This Week

An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
1.2%
CVE-2019-6966 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-628. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-6804 MEDIUM POC PATCH This Month

An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rundeck
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2019-6803 MEDIUM POC This Month

typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typora
NVD GitHub
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-6802 MEDIUM POC PATCH This Month

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pypiserver
NVD GitHub
CVSS 3.0
6.1
EPSS
3.9%
CVE-2019-3819 MEDIUM PATCH This Month

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy