Skip to main content
CVE-2019-9641 CRITICAL POC PATCH Act Now

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
9.8
EPSS
9.4%
CVE-2019-9640 HIGH POC PATCH This Week

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Buffer Overflow Information Disclosure Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2019-9639 HIGH POC PATCH This Week

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Debian Linux Ubuntu Linux Leap +2
NVD
CVSS 3.1
7.5
EPSS
8.2%
CVE-2019-9638 HIGH POC PATCH This Week

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
7.5
EPSS
6.7%
CVE-2019-9637 HIGH PATCH This Week

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation PHP Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.0
7.5
EPSS
7.3%
CVE-2019-9580 MEDIUM This Month

In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stackstorm
NVD GitHub
CVSS 3.0
6.1
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy