Skip to main content
CVE-2019-1000006 CRITICAL POC Act Now

RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-7316 CRITICAL POC Act Now

An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Chat2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-1000022 HIGH POC This Week

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Sente
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-1000005 HIGH POC PATCH This Week

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Mpdf
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-1000003 HIGH POC This Week

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Mapsvg Lite
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-7346 HIGH POC This Week

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zoneminder
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1000018 HIGH POC This Week

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rssh Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-1000021 HIGH POC PATCH This Week

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Slixmpp
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-7347 HIGH POC This Week

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Zoneminder
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2019-7323 HIGH POC PATCH This Week

GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Logmx
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1000007 HIGH POC PATCH This Week

aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Aioxmpp
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2019-7350 HIGH POC This Week

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Zoneminder
NVD GitHub
CVSS 3.0
7.3
EPSS
1.0%
CVE-2019-1000019 MEDIUM POC This Month

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Libarchive Debian Linux +6
NVD GitHub
CVSS 3.1
6.5
EPSS
3.4%
CVE-2019-1000009 MEDIUM POC This Month

Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chartmuseum
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-1000008 MEDIUM POC PATCH This Month

All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Helm
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-7351 MEDIUM POC This Month

Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Zoneminder
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-1000010 MEDIUM POC PATCH This Month

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Phpipam
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7352 MEDIUM POC This Month

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7349 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7348 MEDIUM POC This Month

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-7344 MEDIUM POC This Month

Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7343 MEDIUM POC This Month

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7342 MEDIUM POC This Month

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-7341 MEDIUM POC This Month

Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7340 MEDIUM POC This Month

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7339 MEDIUM POC This Month

POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7338 MEDIUM POC This Month

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7336 MEDIUM POC This Month

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7335 MEDIUM POC This Month

Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7334 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7333 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7332 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7331 MEDIUM POC This Month

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7330 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7329 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-7328 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7327 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7326 MEDIUM POC This Month

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7325 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1000023 CRITICAL Act Now

OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ng Netms
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-1000001 CRITICAL Act Now

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-7314 CRITICAL Act Now

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Streaming Media Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-7317 MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Libpng Debian Linux +30
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-1000014 HIGH This Week

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oracle Rebar3
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-1000013 HIGH PATCH This Week

Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oracle Hex Core
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-1000012 HIGH PATCH This Week

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oracle Hex
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-7345 MEDIUM POC This Month

Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-7337 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zoneminder
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-3813 HIGH This Week

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Spice Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-3461 HIGH This Week

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Debian Tmpreaper Debian Linux
NVD
CVSS 3.0
7.0
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy