Skip to main content
CVE-2019-1000022 HIGH POC This Week

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Sente
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-1000005 HIGH POC PATCH This Week

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Mpdf
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-1000003 HIGH POC This Week

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Mapsvg Lite
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-7346 HIGH POC This Week

A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zoneminder
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1000018 HIGH POC This Week

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rssh Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-1000021 HIGH POC PATCH This Week

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Slixmpp
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-7347 HIGH POC This Week

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Zoneminder
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2019-7323 HIGH POC PATCH This Week

GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Logmx
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-1000007 HIGH POC PATCH This Week

aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Aioxmpp
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2019-7350 HIGH POC This Week

Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Zoneminder
NVD GitHub
CVSS 3.0
7.3
EPSS
1.0%
CVE-2019-1000014 HIGH This Week

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oracle Rebar3
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-1000013 HIGH PATCH This Week

Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oracle Hex Core
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-1000012 HIGH PATCH This Week

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Oracle Hex
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-3813 HIGH This Week

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Spice Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-3461 HIGH This Week

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Debian Tmpreaper Debian Linux
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy