Skip to main content
CVE-2019-9939 HIGH POC This Week

The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Shareit
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-9925 MEDIUM POC This Month

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9915 MEDIUM POC This Month

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Open Redirect Getsimplecms
NVD GitHub
CVSS 3.0
6.1
EPSS
3.6%
CVE-2019-9914 MEDIUM POC This Month

The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Yop Poll
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2019-9913 MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-9912 MEDIUM POC This Month

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Google Wp Go Maps
NVD
CVSS 3.1
6.1
EPSS
3.0%
CVE-2019-9911 MEDIUM POC This Month

The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Social Networks Auto Poster
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-9910 MEDIUM POC This Month

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Kingcomposer
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-9909 MEDIUM POC This Month

The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Givewp
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-9908 MEDIUM POC This Month

The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Font Organizer
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-1716 CRITICAL Act Now

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco RCE Ip Phone 8821 Firmware Ip Phone 8821 Ex Firmware +3
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-9927 CRITICAL Act Now

Caret before 2019-02-22 allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Caret
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-9649 MEDIUM POC THREAT This Month

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Core Ftp
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
14.5%
CVE-2019-9648 MEDIUM POC THREAT This Month

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Core Ftp
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
14.3%
CVE-2019-9938 MEDIUM POC This Month

The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Google Shareit
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-1764 HIGH This Week

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Ip Phone 8821 Firmware Ip Phone 8821 Ex Firmware Ip Conference Phone 8832 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-9924 HIGH This Week

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Bash Debian Linux Leap Hci Management Node +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1766 HIGH This Week

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ip Phone 8800 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-1763 HIGH This Week

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Ip Phone 8821 Firmware Ip Phone 8821 Ex Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-4052 HIGH PATCH This Week

IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-9937 HIGH PATCH This Week

In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite
NVD
CVSS 3.0
7.5
EPSS
6.3%
CVE-2019-9936 HIGH PATCH This Week

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Sqlite
NVD
CVSS 3.0
7.5
EPSS
5.7%
CVE-2019-9923 HIGH PATCH This Week

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Tar Leap
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2019-1765 MEDIUM This Month

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Ip Phone 8821 Firmware Ip Phone 8821 Ex Firmware Ip Conference Phone 8832 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-4035 MEDIUM This Month

IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy