Skip to main content
CVE-2019-7539 HIGH POC This Week

A code injection issue was discovered in ipycache through 2016-05-31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ipycache
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-3871 HIGH POC THREAT This Week

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Authoritative Server Fedora
NVD
CVSS 3.0
8.8
EPSS
12.6%
CVE-2019-6491 HIGH POC This Week

RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gestao De Horarios
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-7433 HIGH POC This Week

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Rental Bike Script
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-7391 HIGH POC THREAT This Week

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Dsl 491Hnu B10B Firmware Dsl 491Hnu B1B V2 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2019-6967 HIGH POC THREAT This Week

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Air 5341 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.5%
CVE-2019-6282 HIGH POC This Week

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gpn2 4P21 C Cn Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-6279 HIGH POC This Week

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpn2 4P21 C Cn Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.5%
CVE-2019-6275 HIGH POC THREAT This Week

Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
12.5%
CVE-2019-6274 HIGH POC THREAT This Week

Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
11.2%
CVE-2019-6272 HIGH POC THREAT This Week

Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl Ar300M Lite Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
12.5%
CVE-2019-3497 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2019-3496 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 3.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2019-3495 HIGH POC This Week

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Unibox Firmware
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2019-5414 HIGH POC PATCH MAL This Week

If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Kill Port
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2019-9878 HIGH POC This Week

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Pdfalto Xpdf
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9877 HIGH POC This Week

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdf
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-7385 HIGH POC THREAT This Week

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iscom Ht803G U Firmware Iscom Ht803G W Firmware Iscom Ht803G 1Ge Firmware +1
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
12.2%
CVE-2019-7384 HIGH POC This Week

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iscom Ht803G U Firmware Iscom Ht803G W Firmware Iscom Ht803G 1Ge Firmware +1
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-7383 HIGH POC This Week

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Cumilon Isg 600C Firmware Cumilon Isg 600H Firmware Cumilon Isg 800W Firmware
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-7221 HIGH POC PATCH This Week

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +14
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-6724 HIGH POC This Week

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Apple RCE Vpn Client
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-6116 HIGH POC PATCH THREAT This Week

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Ghostscript Fedora Ubuntu Linux Debian Linux +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
43.9%
CVE-2019-6973 HIGH POC THREAT This Week

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gsoap
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
13.8%
CVE-2019-5417 HIGH POC PATCH This Week

A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Serve
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-5416 HIGH POC This Week

A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Localhost Now
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-5415 HIGH POC PATCH This Week

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serve
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-3855 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Fedora Debian Linux +11
NVD
CVSS 3.1
8.8
EPSS
9.2%
CVE-2019-6731 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-6730 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2019-6729 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-6727 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2019-5729 HIGH PATCH This Week

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Splunk Python Information Disclosure Software Development Kit
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2019-9896 HIGH This Week

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Putty Backports Sle Leap
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-6778 HIGH PATCH This Week

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Leap Fedora +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-4094 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-9897 HIGH PATCH This Week

Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora Debian Linux Oncommand Unified Manager +1
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-9894 HIGH PATCH This Week

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Putty Fedora Debian Linux +2
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-7161 HIGH PATCH This Week

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
7.5
EPSS
5.6%
CVE-2019-6970 HIGH PATCH This Week

Moodle 3.5.x before 3.5.4 allows SSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Moodle
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-6690 HIGH PATCH This Week

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Python Gnupg Debian Linux Leap +2
NVD
CVSS 3.1
7.5
EPSS
8.5%
CVE-2019-5885 HIGH PATCH This Week

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synapse Fedora
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-9868 HIGH This Week

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Appliance
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2019-9867 HIGH This Week

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Appliance
NVD
CVSS 3.0
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy