Skip to main content
CVE-2019-0604 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft SharePoint allows remote code execution through crafted application packages due to improper source markup validation, enabling server-side code execution on SharePoint farms without authentication.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2019-3922 CRITICAL POC Act Now

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-3918 CRITICAL POC Act Now

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-3921 HIGH POC THREAT This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE I 240W Q Gpon Ont Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
17.9%
CVE-2019-3920 HIGH POC This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2019-3919 HIGH POC This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2019-6224 HIGH POC This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple RCE Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.0%
CVE-2019-6215 HIGH POC This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apple RCE Memory Corruption Safari +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.8%
CVE-2019-6214 HIGH POC This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Memory Corruption Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
3.6%
CVE-2019-9213 MEDIUM POC PATCH This Month

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +3
NVD GitHub Exploit-DB
CVSS 3.1
5.5
EPSS
5.7%
CVE-2019-0724 HIGH POC PATCH THREAT This Week

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Information Disclosure Exchange Server
NVD GitHub
CVSS 3.1
8.1
EPSS
23.8%
CVE-2019-6225 HIGH POC THREAT This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Memory Corruption Iphone Os Mac Os X +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
28.5%
CVE-2019-6218 HIGH POC This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.5%
CVE-2019-6213 HIGH POC This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple RCE Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.4%
CVE-2019-6205 HIGH POC This Week

A memory corruption issue was addressed with improved lock state checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Memory Corruption Iphone Os Mac Os X +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.1%
CVE-2019-3917 HIGH POC This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-9572 HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-9576 MEDIUM POC This Month

The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Blog2Social
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-9575 MEDIUM POC This Month

The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Quiz And Survey Master
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-0729 CRITICAL PATCH Act Now

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure Java Software Development Kit
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-0626 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +7
NVD
CVSS 3.0
9.8
EPSS
68.3%
CVE-2019-6563 CRITICAL Act Now

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-6557 CRITICAL Act Now

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware +1
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2019-6524 CRITICAL Act Now

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-4032 CRITICAL PATCH Act Now

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-8262 CRITICAL Act Now

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Ultravnc Sinumerik Access Mymachine P2P +2
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-8261 CRITICAL Act Now

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ultravnc
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-8260 CRITICAL Act Now

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ultravnc
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-8258 CRITICAL Act Now

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Ultravnc Sinumerik Access Mymachine P2P +2
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-6209 MEDIUM POC This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Information Disclosure Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.7%
CVE-2019-6208 MEDIUM POC This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tv Os
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.4%
CVE-2019-6522 CRITICAL Act Now

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware +1
NVD
CVSS 3.1
9.1
EPSS
2.5%
CVE-2019-0668 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2019-0662 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
15.4%
CVE-2019-0633 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
13.0%
CVE-2019-0630 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
17.8%
CVE-2019-0618 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
67.0%
CVE-2019-0613 HIGH PATCH This Week

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Net Framework Visual Studio 2017
NVD
CVSS 3.0
8.8
EPSS
15.4%
CVE-2019-0594 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.0
8.8
EPSS
12.4%
CVE-2019-6561 HIGH This Week

Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-6528 HIGH This Week

PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Telecontrol Gateway Xs Mu Firmware Telecontrol Gateway Vm Firmware Telecontrol Gateway 3G Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-6234 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6233 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +5
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6227 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-6226 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6217 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6216 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6212 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-6211 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +1
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-6200 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Apple Information Disclosure Iphone Os +1
NVD
CVSS 3.0
8.8
EPSS
0.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy