Skip to main content
CVE-2019-10068 CRITICAL POC KEV THREAT Emergency

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Xperience
NVD
CVSS 3.1
9.8
EPSS
96.0%
CVE-2019-9055 HIGH POC THREAT Act Now

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cms Made Simple
NVD GitHub
CVSS 3.0
8.8
EPSS
12.5%
CVE-2019-8981 CRITICAL POC PATCH Act Now

tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Axtls
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-7714 CRITICAL POC Act Now

An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Integrity Rtos
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-7713 CRITICAL POC Act Now

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Integrity Rtos
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-3878 HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon Fedora Enterprise Linux +7
NVD GitHub
CVSS 3.0
8.1
EPSS
3.0%
CVE-2019-9053 HIGH POC THREAT This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Cms Made Simple
NVD GitHub Exploit-DB
CVSS 3.0
8.1
EPSS
56.0%
CVE-2019-9764 HIGH POC PATCH This Week

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Hashicorp HashiCorp Consul
NVD GitHub
CVSS 3.0
7.4
EPSS
0.6%
CVE-2019-3597 CRITICAL Act Now

Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Network Security Manager
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-10061 CRITICAL PATCH Act Now

utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Node.js Command Injection Node Opencv
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-10107 MEDIUM POC This Month

CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-10106 MEDIUM POC This Month

CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-10105 MEDIUM POC This Month

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-6569 CRITICAL PATCH Act Now

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Scalance X 200 Firmware Scalance X 300 Firmware Scalance Xp 200 Firmware Scalance Xc 200 Firmware +1
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-10063 CRITICAL PATCH Act Now

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Linux Flatpak
NVD GitHub
CVSS 3.0
9.0
EPSS
1.9%
CVE-2019-1571 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-1570 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-1569 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-9744 HIGH This Week

An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation Fl Nat Smn 8Tx M Dmg Firmware Fl Nat Smn 8Tx M Firmware Fl Nat Smn 8Tx Firmware +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-9743 HIGH This Week

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Command Injection Rad 80211 Xd Hp Bus Firmware Rad 80211 Xd Firmware
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-3849 HIGH PATCH This Week

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-9061 HIGH This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization Cms Made Simple
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-9057 HIGH This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Cms Made Simple
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-7646 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webpanel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
7.2%
CVE-2019-8988 HIGH This Week

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Data Science For Aws Spotfire Data Science
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2019-10060 HIGH This Week

The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Verix Multi App Conductor
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-3830 HIGH PATCH This Week

A vulnerability was found in ceilometer before version 12.0.0.0rc1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ceilometer Openstack
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-1572 HIGH This Week

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto PHP Information Disclosure Pan Os
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-3804 HIGH PATCH This Week

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cockpit Fedora Virtualization
NVD GitHub
CVSS 3.1
7.5
EPSS
4.9%
CVE-2019-7715 HIGH This Week

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integrity Rtos
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-7712 HIGH This Week

An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integrity Rtos
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-7711 HIGH This Week

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integrity Rtos
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-9059 HIGH This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cms Made Simple
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2019-9058 HIGH This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Cms Made Simple
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2019-6540 MEDIUM This Month

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mycarelink Monitor 24950 Firmware Mycarelink Monitor 24952 Firmware Carelink Monitor 2490C Firmware Carelink 2090 Firmware +19
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-9961 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Wikindx
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-3850 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Moodle
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-3826 MEDIUM PATCH This Month

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Prometheus Openshift Container Platform
NVD GitHub
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-8987 MEDIUM This Month

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Data Science For Aws Spotfire Data Science
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-6341 MEDIUM PATCH This Month

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Drupal Debian Linux Fedora
NVD
CVSS 3.0
5.4
EPSS
12.4%
CVE-2019-8989 MEDIUM This Month

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Science For Aws Spotfire Data Science
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-3852 MEDIUM PATCH This Month

A vulnerability was found in moodle before version 3.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-3851 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Moodle Fedora
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-3848 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-3606 MEDIUM This Month

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows. Rated medium severity (CVSS 4.1). No vendor patch available.

Information Disclosure Network Security Manager
NVD
CVSS 3.0
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy