Skip to main content
CVE-2019-9651 CRITICAL POC Act Now

An issue was discovered in SDCMS V1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Sdcms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-9692 MEDIUM POC PATCH THREAT This Month

class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Cms Made Simple
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
45.9%
CVE-2019-9688 HIGH POC This Week

sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sftnow
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-9656 HIGH POC This Week

An issue was discovered in LibOFX 0.9.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libofx Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-9652 HIGH POC This Week

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sdcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-9662 HIGH POC This Week

An issue was discovered in JTBC(PHP) 3.0.1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Jtbc Php
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-1617 HIGH POC This Week

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.4
EPSS
1.5%
CVE-2019-9650 MEDIUM POC PATCH This Month

An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Upcoming Events
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.4%
CVE-2019-9687 CRITICAL PATCH Act Now

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Podofo Fedora
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-9659 CRITICAL Act Now

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wifi Alarm System Firmware Wifi Cellular Smart Home System H4 Plus Firmware Awv Plus Wifi Alarm System Firmware G5W 3G Firmware +7
NVD GitHub
CVSS 3.0
9.1
EPSS
1.3%
CVE-2019-1614 HIGH This Week

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-9693 HIGH PATCH This Week

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-9686 HIGH PATCH This Week

pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Pacman
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-9661 MEDIUM POC This Month

Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-9660 MEDIUM POC This Month

Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-9675 HIGH PATCH This Week

An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

PHP Buffer Overflow Ubuntu Linux Leap
NVD
CVSS 3.0
8.1
EPSS
6.0%
CVE-2019-4016 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-4015 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-1618 HIGH This Week

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1616 HIGH This Week

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-1615 MEDIUM This Month

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Cisco Information Disclosure Nx Os
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2019-1613 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-1612 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2019-1611 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os Fx Os
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-1610 MEDIUM This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-1690 MEDIUM This Month

A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1702 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Enterprise Chat And Email
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1707 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Catalyst Center
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-9658 MEDIUM PATCH This Month

Checkstyle before 8.18 loads external DTDs by default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Checkstyle Debian Linux Fedora
NVD GitHub
CVSS 3.0
5.3
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy