Skip to main content
CVE-2019-10237 HIGH POC This Week

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF S Cms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-3817 HIGH POC PATCH This Week

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Libcomps
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-3829 HIGH POC THREAT This Week

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Memory Corruption Gnutls Fedora
NVD
CVSS 3.0
7.5
EPSS
59.0%
CVE-2019-5419 HIGH POC PATCH This Week

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rails Debian Linux Cloudforms Software Collections +2
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2019-5418 HIGH POC KEV PATCH THREAT This Week

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Rails Debian Linux Cloudforms Leap +2
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
98.5%
CVE-2019-1737 HIGH PATCH This Week

A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Cisco Apple Ios Xe iOS
NVD
CVSS 3.1
8.6
EPSS
2.6%
CVE-2019-10233 HIGH PATCH This Week

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-6536 HIGH This Week

Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Laquis Scada
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-1000031 HIGH This Week

A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Article2Pdf
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-9860 HIGH This Week

Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secvest Wireless Alarm System Fuaa50000 Firmware Secvest Wireless Remote Control Fube50014 Firmware Secvest Wireless Remote Control Fube50015 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-5927 HIGH This Week

Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple An
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-3821 HIGH This Week

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Civetweb Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-7167 HIGH This Week

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zcash
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy