Skip to main content
CVE-2019-9624 HIGH POC THREAT Act Now

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Java RCE Webmin
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
23.7%
CVE-2019-9120 CRITICAL POC Act Now

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection M2 Firmware C1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-9119 CRITICAL POC Act Now

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection M2 Firmware C1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-9118 CRITICAL POC Act Now

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection M2 Firmware C1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-9117 CRITICAL POC Act Now

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection M2 Firmware C1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-0192 CRITICAL POC PATCH THREAT Act Now

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Deserialization Solr Storage Automation Store
NVD
CVSS 3.0
9.8
EPSS
77.5%
CVE-2019-5019 CRITICAL POC Act Now

A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Microsoft RCE Office Server Document Converter
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-9626 CRITICAL POC Act Now

PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpshe
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-9623 CRITICAL POC Act Now

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Microsoft RCE Feng Office
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.1%
CVE-2019-9185 HIGH POC PATCH This Week

Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Bolt
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-8437 HIGH POC This Week

njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Njiandan Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-6710 HIGH POC This Week

Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Nbg 418N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-9625 HIGH POC This Week

JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Directadmin
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2019-7175 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-9598 MEDIUM POC This Month

An issue was discovered in Cscms 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Cscms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-3778 MEDIUM POC PATCH THREAT This Month

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Open Redirect Spring Security Oauth Banking Corporate Lending
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
15.6%
CVE-2019-7661 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7660 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-9121 CRITICAL Act Now

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection M2 Firmware C1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-3777 CRITICAL Act Now

Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Application Service
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-8439 MEDIUM POC This Month

An issue was discovered in DiliCMS 2.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dilicms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-8440 MEDIUM POC This Month

An issue was discovered in DiliCMS 2.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dilicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-8438 MEDIUM POC This Month

An issue was discovered in DiliCMS 2.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dilicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-3783 HIGH This Week

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Stratos
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-3781 HIGH This Week

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Line Interface
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-3712 HIGH PATCH This Week

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Dell RCE Windows Embedded Standard Wyse Device Agent Wyse Thinlinux Hagent
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-1599 HIGH PATCH This Week

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft VMware Cisco Nx Os
NVD
CVSS 3.1
8.6
EPSS
14.2%
CVE-2019-9622 MEDIUM POC This Month

eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ebrigade
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
4.8%
CVE-2019-1596 HIGH PATCH This Week

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-8986 HIGH This Week

The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jasperreports Server
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2019-1598 HIGH PATCH This Week

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Firepower Extensible Operating System Nx Os
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-1597 HIGH PATCH This Week

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Firepower Extensible Operating System Nx Os
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-3784 MEDIUM This Month

Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Stratos
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-3775 MEDIUM This Month

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Uaa Release
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-3776 MEDIUM This Month

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Operations Manager
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-1600 MEDIUM PATCH This Month

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Privilege Escalation Cisco Firepower Extensible Operating System Nx Os
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy