Skip to main content
CVE-2019-8942 HIGH POC THREAT Act Now

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress RCE Debian Linux
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
82.7%
CVE-2019-8954 HIGH POC This Week

In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Indexhibit
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-3475 HIGH POC This Week

A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filr
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-3924 HIGH POC THREAT This Week

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
15.7%
CVE-2019-1003025 HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins Cloud Foundry
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-1003024 HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy