Skip to main content
CVE-2019-3396 CRITICAL POC KEV PATCH THREAT Act Now

Atlassian Confluence Server Widget Connector macro contains a path traversal and server-side template injection vulnerability enabling unauthenticated remote code execution through crafted URLs.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.5%
Threat
9.8
CVE-2019-7609 CRITICAL POC KEV THREAT Emergency

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Elastic RCE Kibana Openshift Container Platform
NVD
CVSS 3.1
10.0
EPSS
95.3%
CVE-2019-10041 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-10040 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-10039 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-10044 HIGH POC This Week

Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Telegram Telegram Desktop
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2019-7642 HIGH POC This Week

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 817Lw Firmware Dir 816L Firmware Dir 816 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-10042 HIGH POC This Week

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-10012 HIGH POC This Week

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Internet Campus Solution Moxiemanager
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-3841 MEDIUM POC This Month

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Containerized Data Importer
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2019-3810 MEDIUM POC PATCH THREAT This Month

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Moodle
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
13.9%
CVE-2019-10016 MEDIUM POC This Month

GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Advanced Server
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-3809 CRITICAL PATCH Act Now

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SSRF Mozilla CSRF Moodle
NVD
CVSS 3.0
10.0
EPSS
0.9%
CVE-2019-7612 CRITICAL Act Now

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash Active Iq Performance Analytics Services
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-3395 CRITICAL PATCH Act Now

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Confluence Server
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2019-10011 CRITICAL Act Now

ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Campus Solution
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-3479 CRITICAL Act Now

Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Arcsight Logger
NVD
CVSS 3.0
9.8
EPSS
6.9%
CVE-2019-3476 CRITICAL Act Now

Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Data Protector
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-10026 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10025 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10024 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10023 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10022 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10021 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10020 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10019 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-10018 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-3861 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Debian Linux +2
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2019-3860 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Debian Linux +2
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2019-7610 CRITICAL Act Now

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Elastic RCE Kibana
NVD
CVSS 3.0
9.0
EPSS
3.9%
CVE-2019-3857 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3856 HIGH PATCH This Week

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3863 HIGH PATCH This Week

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Libssh2 Debian Linux Ontap Select Deploy Administration Utility +7
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-10027 MEDIUM POC This Month

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-7611 HIGH PATCH This Week

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Elastic Elasticsearch
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-3879 HIGH This Week

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ovirt Virtualization
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2019-0204 HIGH PATCH This Week

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Docker Apache Mesos Fuse
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2019-3484 HIGH This Week

Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Arcsight Logger
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-7613 HIGH This Week

Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Winlogbeat
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-4046 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-6240 HIGH This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-3481 HIGH This Week

Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Arcsight Logger
NVD
CVSS 3.0
7.1
EPSS
1.7%
CVE-2019-3827 HIGH PATCH This Week

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no. Rated high severity (CVSS 7.0). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Gvfs
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2019-3831 MEDIUM PATCH This Month

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vdsm Gluster Storage
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2019-6538 MEDIUM This Month

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mycarelink Monitor Firmware Carelink Monitor Firmware Carelink 2090 Firmware Amplia Crt D Firmware +16
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-3874 MEDIUM PATCH This Month

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Kernel Debian Linux Enterprise Linux Ubuntu Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3483 MEDIUM This Month

Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Logger
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-3482 MEDIUM This Month

Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcsight Logger
NVD
CVSS 3.0
6.5
EPSS
4.2%
CVE-2019-7608 MEDIUM This Month

Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-3480 MEDIUM This Month

Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.0
6.1
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy