Skip to main content
CVE-2019-9194 CRITICAL POC PATCH THREAT Act Now

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Elfinder
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
96.6%
CVE-2019-9201 CRITICAL POC Act Now

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ilc 131 Eth Firmware Ilc 131 Eth Xc Firmware Ilc 151 Eth Firmware Ilc 151 Eth Xc Firmware +4
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-9195 CRITICAL POC PATCH Act Now

util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal RCE Grin
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-9184 CRITICAL POC PATCH Act Now

SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi J2Store
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.0%
CVE-2019-9169 CRITICAL POC PATCH Act Now

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Glibc Cloud Backup Ontap Select Deploy Administration Utility +3
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2019-9200 HIGH POC This Week

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Poppler Debian Linux +1
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-9199 HIGH POC This Week

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo Fedora
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-9182 HIGH POC This Week

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Zzzphp
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-9192 HIGH POC This Week

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-9181 HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-7392 CRITICAL Act Now

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privileged Access Manager
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2019-6592 CRITICAL Act Now

On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2019-6595 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9168 MEDIUM PATCH This Month

WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woocommerce
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-9191 MEDIUM This Month

The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enterprise Transport Security
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-6594 MEDIUM This Month

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-6593 MEDIUM This Month

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.0
5.9
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy