Skip to main content
CVE-2019-9688 HIGH POC This Week

sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sftnow
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-9656 HIGH POC This Week

An issue was discovered in LibOFX 0.9.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libofx Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-9652 HIGH POC This Week

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sdcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-9662 HIGH POC This Week

An issue was discovered in JTBC(PHP) 3.0.1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Jtbc Php
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-1617 HIGH POC This Week

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.4
EPSS
1.5%
CVE-2019-1614 HIGH This Week

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-9693 HIGH PATCH This Week

In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-9686 HIGH PATCH This Week

pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Pacman
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-9675 HIGH PATCH This Week

An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

PHP Buffer Overflow Ubuntu Linux Leap
NVD
CVSS 3.0
8.1
EPSS
6.0%
CVE-2019-4016 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-4015 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-1618 HIGH This Week

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1616 HIGH This Week

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy