Skip to main content
CVE-2019-9594 CRITICAL POC Act Now

BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bluecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9617 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9614 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-9612 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9609 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9608 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-9581 HIGH POC PATCH THREAT This Week

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Booked
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.5%
CVE-2019-9589 HIGH POC This Week

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9588 HIGH POC This Week

There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Xpdfreader
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9587 HIGH POC This Week

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdfreader
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9601 HIGH POC This Week

The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Apowermanager
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.3%
CVE-2019-9600 HIGH POC This Week

The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Ftp Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.3%
CVE-2019-9599 HIGH POC THREAT This Week

The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Airdroid
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2019-9590 HIGH POC This Week

An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service T 920 Plc Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-9616 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ofcms
NVD
CVSS 3.0
7.2
EPSS
2.7%
CVE-2019-9615 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ofcms
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-9613 HIGH POC This Week

An issue was discovered in OFCMS before 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ofcms
NVD
CVSS 3.0
7.2
EPSS
2.7%
CVE-2019-9611 MEDIUM POC This Month

An issue was discovered in OFCMS before 1.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ofcms
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-9603 MEDIUM POC This Month

MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minicms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-9595 MEDIUM POC This Month

AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Appcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9593 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Onsite
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.4%
CVE-2019-9592 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Onsite
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-9591 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Onsite
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-0187 CRITICAL PATCH Act Now

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jmeter
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-9606 MEDIUM POC This Month

PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Personal Video Collection Script
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-9607 MEDIUM POC This Month

PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Medical Store Script
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2019-9610 MEDIUM POC This Month

An issue was discovered in OFCMS before 1.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ofcms
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2019-1593 HIGH PATCH This Week

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1591 HIGH PATCH This Week

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-1585 HIGH This Week

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os Application Policy Infrastructure Controller Software
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-0200 HIGH PATCH This Week

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Qpid Broker J
NVD
CVSS 3.0
7.5
EPSS
3.8%
CVE-2019-1594 HIGH PATCH This Week

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Denial Of Service Cisco VMware Nx Os
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2019-1543 HIGH This Week

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure
NVD
CVSS 3.0
7.4
EPSS
5.7%
CVE-2019-1595 MEDIUM PATCH This Month

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-3824 MEDIUM PATCH This Month

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Samba Ubuntu Linux +1
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2019-4030 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-1588 MEDIUM PATCH This Month

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Cisco Nx Os
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy