Skip to main content
CVE-2019-8933 HIGH POC This Week

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-5783 HIGH This Week

Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Google Chrome Debian Linux
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-5782 HIGH This Week

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Information Disclosure Chrome +5
NVD
CVSS 3.0
8.8
EPSS
12.9%
CVE-2019-5774 HIGH This Week

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Google Chrome Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-5772 HIGH This Week

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +5
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-5771 HIGH This Week

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2019-5770 HIGH This Week

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-5769 HIGH This Week

Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-5764 HIGH This Week

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +5
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-5763 HIGH This Week

Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-5762 HIGH This Week

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Chrome Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-5761 HIGH This Week

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-5760 HIGH This Week

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +5
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-5758 HIGH This Week

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-5757 HIGH This Week

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-5756 HIGH This Week

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free RCE Memory Corruption Chrome +5
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-5755 HIGH This Week

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +3
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-5780 HIGH This Week

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy