Skip to main content
CVE-2019-7537 CRITICAL POC PATCH Act Now

An issue was discovered in Donfig 0.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Donfig
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-7238 CRITICAL POC KEV THREAT Act Now

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
9.8
EPSS
76.5%
CVE-2019-9083 CRITICAL POC THREAT Act Now

SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sqlitemanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.6%
CVE-2019-6714 CRITICAL POC THREAT Act Now

An issue was discovered in BlogEngine.NET through 3.3.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Blogengine Net
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
31.7%
CVE-2019-6441 CRITICAL POC THREAT Act Now

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rt3050 Firmware Rt3052 Firmware Rt7620 Firmware Wm3300 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.6%
CVE-2019-5723 CRITICAL POC Act Now

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Portier
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-5722 CRITICAL POC Act Now

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Portier
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-5413 CRITICAL POC PATCH Act Now

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Node.js RCE Morgan
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-6716 CRITICAL POC Act Now

An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Nervepoint Access Manager
NVD Exploit-DB
CVSS 3.0
9.4
EPSS
9.6%
CVE-2019-7539 HIGH POC This Week

A code injection issue was discovered in ipycache through 2016-05-31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ipycache
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-3871 HIGH POC THREAT This Week

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Authoritative Server Fedora
NVD
CVSS 3.0
8.8
EPSS
12.6%
CVE-2019-6491 HIGH POC This Week

RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gestao De Horarios
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-7433 HIGH POC This Week

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Rental Bike Script
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-7391 HIGH POC THREAT This Week

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Dsl 491Hnu B10B Firmware Dsl 491Hnu B1B V2 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2019-6967 HIGH POC THREAT This Week

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Air 5341 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.5%
CVE-2019-6282 HIGH POC This Week

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gpn2 4P21 C Cn Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-6279 HIGH POC This Week

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpn2 4P21 C Cn Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.5%
CVE-2019-6275 HIGH POC THREAT This Week

Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
12.5%
CVE-2019-6274 HIGH POC THREAT This Week

Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
11.2%
CVE-2019-6272 HIGH POC THREAT This Week

Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
12.5%
CVE-2019-3497 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2019-3496 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 3.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2019-3495 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2019-5414 HIGH POC PATCH MAL This Week

If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Kill Port
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-9878 HIGH POC This Week

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Pdfalto Xpdf
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9877 HIGH POC This Week

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdf
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-7385 HIGH POC THREAT This Week

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iscom Ht803G U Firmware Iscom Ht803G W Firmware Iscom Ht803G 1Ge Firmware +1
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
12.2%
CVE-2019-7384 HIGH POC This Week

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iscom Ht803G U Firmware Iscom Ht803G W Firmware Iscom Ht803G 1Ge Firmware +1
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-7383 HIGH POC This Week

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Cumilon Isg 600C Firmware Cumilon Isg 600H Firmware Cumilon Isg 800W Firmware
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-7221 HIGH POC PATCH This Week

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +14
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-6724 HIGH POC This Week

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Apple RCE Vpn Client
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-6116 HIGH POC PATCH THREAT This Week

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Ghostscript Fedora Ubuntu Linux Debian Linux +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
43.9%
CVE-2019-6973 HIGH POC THREAT This Week

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gsoap
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
13.8%
CVE-2019-5417 HIGH POC PATCH This Week

A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Serve
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-5416 HIGH POC This Week

A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Localhost Now
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-5415 HIGH POC PATCH This Week

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serve
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-7386 MEDIUM POC This Month

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia RCE Denial Of Service Kaios 8810 4G Firmware
NVD VulDB
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-9904 MEDIUM POC This Month

An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphviz
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-9903 MEDIUM POC This Month

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Poppler Fedora Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-7441 MEDIUM POC This Month

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Paypal Checkout Payment Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
5.9%
CVE-2019-7440 MEDIUM POC This Month

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-7439 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.8%
CVE-2019-7436 MEDIUM POC This Month

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Opensource Classified Ads Script
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-7434 MEDIUM POC This Month

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Rental Bike Script
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-7431 MEDIUM POC This Month

PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Image Sharing Script
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-7429 MEDIUM POC This Month

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Property Rental Software
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-6273 MEDIUM POC THREAT This Month

download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
11.5%
CVE-2019-8938 MEDIUM POC This Month

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vertrigoserv
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-7438 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.0%
CVE-2019-7437 MEDIUM POC This Month

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Opensource Classified Ads Script
NVD
CVSS 3.0
6.1
EPSS
0.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy