Skip to main content
CVE-2019-6543 CRITICAL POC THREAT Act Now

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Indusoft Web Studio Intouch Machine Edition 2014
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
17.3%
CVE-2019-8319 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
7.8%
CVE-2019-8318 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8317 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8316 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.6%
CVE-2019-8315 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8314 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8313 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-8312 HIGH POC This Week

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
7.0%
CVE-2019-6545 HIGH POC THREAT This Week

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Indusoft Web Studio Intouch Machine Edition 2014
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
13.9%
CVE-2019-8335 MEDIUM POC This Month

An issue was discovered in SchoolCMS 2.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Schoolcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-8334 MEDIUM POC This Month

An issue was discovered in SchoolCMS 2.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Schoolcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-5916 CRITICAL Act Now

Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Egg
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-5909 CRITICAL Act Now

License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass B M 9000 Vp Centum Vp Prm Prosafe Rs
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2019-5913 HIGH PATCH This Week

Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Lhmelting
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-5912 HIGH This Week

Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unarj32 Dll
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-5911 HIGH PATCH This Week

Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Unlha32 Dll
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-3782 HIGH This Week

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Credhub Cli
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6541 HIGH PATCH This Week

A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Trend Micro RCE Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-6539 HIGH PATCH This Week

Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Trend Micro RCE Levistudiou
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-6537 HIGH PATCH This Week

Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Trend Micro Stack Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-5910 HIGH This Week

Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple House Gate
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-5915 MEDIUM PATCH This Month

Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Openam
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-3610 MEDIUM This Month

Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure True Key
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-8337 MEDIUM PATCH This Month

In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mpop Msmtp
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-5914 MEDIUM This Month

V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service V20 Pro L 01J Firmware
NVD
CVSS 3.0
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy