Skip to main content
CVE-2019-9125 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-878 1.12B01 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-9124 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-878 1.12B01 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 878 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-9123 CRITICAL POC Act Now

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure D-Link Dir 825 Rev B Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-9152 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.10.4 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-9151 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.10.4 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-9144 HIGH POC This Week

An issue was discovered in Exiv2 0.27. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2019-9143 HIGH POC This Week

An issue was discovered in Exiv2 0.27. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2019-9122 HIGH POC THREAT This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Rev B Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
23.5%
CVE-2019-9114 HIGH POC This Week

Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-9113 HIGH POC This Week

Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ming
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-9162 HIGH POC PATCH This Week

In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Buffer Overflow Linux Memory Corruption Linux Kernel +5
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-9116 HIGH POC This Week

DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Sublime Text 3
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-9146 HIGH POC This Week

Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Apple Information Disclosure Self Service
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-9126 HIGH POC This Week

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825 Rev B Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-1689 HIGH POC This Week

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Apple Webex Teams
NVD
CVSS 3.1
7.3
EPSS
1.6%
CVE-2019-9145 MEDIUM POC This Month

An issue was discovered in Hsycms V1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hsycms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9110 MEDIUM POC This Month

XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9109 MEDIUM POC This Month

XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9108 MEDIUM POC This Month

XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9107 MEDIUM POC This Month

XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-6266 CRITICAL Act Now

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Bestinformed
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2019-9115 CRITICAL PATCH Act Now

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Irisnet Crypto
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-6265 HIGH This Week

The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Bestinformed
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-1683 HIGH This Week

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa525 Firmware Spa5X5 Firmware +11
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2019-9142 MEDIUM PATCH This Month

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Symphony
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9112 MEDIUM This Month

The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Xiaomi Perseus P Oss
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-9111 MEDIUM This Month

The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the count argument in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Xiaomi Perseus P Oss
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy