Skip to main content
CVE-2018-20250 HIGH POC KEV THREAT Act Now

WinRAR before 5.61 contains a path traversal vulnerability in the ACE archive format handler (UNACEV2.dll) that allows extraction of files to arbitrary locations, enabling persistent malware installation through Startup folder placement.

NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
93.5%
Threat
9.4
CVE-2019-7412 CRITICAL POC Act Now

The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Ps Phpcaptcha Wp
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-7390 HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.6
EPSS
2.0%
CVE-2019-7398 HIGH POC This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-7397 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Graphicsmagick Leap Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-7396 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-7395 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-7389 HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-7388 HIGH POC This Week

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 823G Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-7402 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2019-7400 MEDIUM POC This Month

Rukovoditel before 2.4.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
CVE-2019-6523 CRITICAL Act Now

WebAccess/SCADA, Version 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess Scada
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-6519 CRITICAL Act Now

WebAccess/SCADA, Version 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess Scada
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-7403 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Phpmywind
NVD GitHub
CVSS 3.0
4.9
EPSS
1.7%
CVE-2019-6521 HIGH This Week

WebAccess/SCADA, Version 8.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess Scada
NVD
CVSS 3.0
8.6
EPSS
1.9%
CVE-2019-6535 HIGH This Week

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Q03Udvcpu Firmware Q04Udvcpu Firmware Q06Udvcpu Firmware Q13Udvcpu Firmware +14
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2019-3818 HIGH PATCH This Week

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Red Hat Kube Rbac Proxy Openshift Container Platform
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-7413 MEDIUM PATCH This Month

In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Parallax Scroll
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-6590 MEDIUM This Month

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-6591 MEDIUM This Month

On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy