Skip to main content
CVE-2019-5420 CRITICAL POC PATCH THREAT Act Now

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Rails Debian Linux Fedora
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.1%
CVE-2019-10232 CRITICAL POC PATCH THREAT Act Now

Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gestionnaire Libre De Parc Informatique
NVD GitHub
CVSS 3.0
9.8
EPSS
23.2%
CVE-2019-9863 CRITICAL POC Act Now

Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Secvest Wireless Alarm System Fuaa50000 Firmware Secvest Wireless Remote Control Fube50014 Firmware Secvest Wireless Remote Control Fube50015 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-10125 CRITICAL POC Act Now

An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-1010257 CRITICAL POC Act Now

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Information Disclosure Article2Pdf
NVD
CVSS 3.1
9.1
EPSS
4.4%
CVE-2019-10237 HIGH POC This Week

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF S Cms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-3817 HIGH POC PATCH This Week

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Libcomps
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-3829 HIGH POC THREAT This Week

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Memory Corruption Gnutls Fedora
NVD
CVSS 3.0
7.5
EPSS
59.0%
CVE-2019-5419 HIGH POC PATCH This Week

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rails Debian Linux Cloudforms Software Collections +2
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2019-5418 HIGH POC KEV PATCH THREAT This Week

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Rails Debian Linux Cloudforms Leap +2
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
98.5%
CVE-2019-3814 MEDIUM POC This Month

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Dovecot Ubuntu Linux Leap
NVD
CVSS 3.0
6.8
EPSS
2.5%
CVE-2019-9862 MEDIUM POC This Month

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secvest Wireless Alarm System Fuaa50000 Firmware Secvest Wireless Remote Control Fube50014 Firmware Secvest Wireless Remote Control Fube50015 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-3840 MEDIUM POC This Month

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libvirt Leap
NVD
CVSS 3.0
6.3
EPSS
1.5%
CVE-2019-10238 MEDIUM POC This Month

Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sitemagic
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-0160 CRITICAL Act Now

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service Edk Ii Leap +6
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-10231 CRITICAL PATCH Act Now

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Authentication Bypass PHP Memory Corruption Gestionnaire Libre De Parc Informatique
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-1737 HIGH PATCH This Week

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Cisco Apple Ios Xe iOS
NVD
CVSS 3.1
8.6
EPSS
2.6%
CVE-2019-10233 HIGH PATCH This Week

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-6536 HIGH This Week

Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Laquis Scada
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-1000031 HIGH This Week

A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Article2Pdf
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-9860 HIGH This Week

Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secvest Wireless Alarm System Fuaa50000 Firmware Secvest Wireless Remote Control Fube50014 Firmware Secvest Wireless Remote Control Fube50015 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-5927 HIGH This Week

Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple An
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-3821 HIGH This Week

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Civetweb Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-7167 HIGH This Week

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zcash
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-9917 MEDIUM PATCH This Month

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Znc Ubuntu Linux Fedora
NVD GitHub
CVSS 3.0
6.5
EPSS
3.1%
CVE-2019-5926 MEDIUM This Month

Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kinagacms
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-3877 MEDIUM PATCH This Month

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Mellon Fedora Enterprise Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-10118 MEDIUM PATCH This Month

Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Snipe It
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-0161 MEDIUM PATCH This Month

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Edk Ii
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3847 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
4.8
EPSS
2.3%
CVE-2019-3828 MEDIUM PATCH This Month

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Path Traversal Ansible
NVD GitHub
CVSS 3.1
4.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy