Skip to main content
CVE-2019-10262 CRITICAL POC Act Now

A SQL Injection issue was discovered in BlueCMS 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bluecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9204 CRITICAL POC THREAT Act Now

SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Incident Manager
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2019-9203 CRITICAL POC THREAT Act Now

Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Incident Manager
NVD
CVSS 3.1
9.8
EPSS
20.4%
CVE-2019-9165 CRITICAL POC Act Now

SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-9202 HIGH POC THREAT This Week

Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Incident Manager
NVD
CVSS 3.1
8.8
EPSS
24.2%
CVE-2019-9164 HIGH POC THREAT This Week

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
46.0%
CVE-2019-9864 MEDIUM POC This Month

PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Amazon Affiliate Store
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-9167 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
21.7%
CVE-2019-10251 MEDIUM POC This Month

The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Uc Browser
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2019-10250 MEDIUM POC This Month

UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Uc Browser
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2019-1003041 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pipeline Openshift Container Platform
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-1003040 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Script Security Openshift Container Platform
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-1754 HIGH PATCH This Week

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2019-1753 HIGH PATCH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2019-1743 HIGH PATCH This Week

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-1747 HIGH PATCH This Week

A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
2.4%
CVE-2019-1740 HIGH PATCH This Week

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe iOS
NVD
CVSS 3.1
8.6
EPSS
2.2%
CVE-2019-3710 HIGH This Week

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dell Emc Networking Os10
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2019-9166 HIGH This Week

Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP Privilege Escalation Nagios Xi
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-1003048 HIGH PATCH This Week

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Prqa
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-7524 HIGH This Week

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dovecot Debian Linux Ubuntu Linux Leap
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-1745 HIGH PATCH This Week

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0225 HIGH PATCH This Week

A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Jspwiki
NVD
CVSS 3.1
7.5
EPSS
10.3%
CVE-2019-0222 HIGH PATCH This Week

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Activemq E Series Santricity Web Services Communications Diameter Signaling Router +5
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2019-0212 HIGH PATCH This Week

In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Hbase
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-6605 HIGH This Week

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Edge Gateway +9
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-6603 HIGH This Week

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Edge Gateway +9
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-6602 HIGH This Week

In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-1003043 HIGH PATCH This Week

A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jenkins Slack Notification
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-5739 HIGH This Week

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js Leap
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-5737 HIGH This Week

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js Leap
NVD
CVSS 3.1
7.5
EPSS
16.2%
CVE-2019-6542 HIGH This Week

ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-1752 HIGH PATCH This Week

A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1751 HIGH PATCH This Week

A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-1741 HIGH PATCH This Week

A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-1739 HIGH PATCH This Week

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1738 HIGH PATCH This Week

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1750 HIGH PATCH This Week

A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-1749 HIGH PATCH This Week

A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2019-1748 HIGH PATCH This Week

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Cisco Apple Information Disclosure iOS +1
NVD
CVSS 3.1
7.4
EPSS
1.2%
CVE-2019-3869 HIGH PATCH This Week

When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Ansible Tower
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-1756 HIGH PATCH This Week

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure iOS Ios Xe
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2019-1755 HIGH PATCH This Week

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.0
7.2
EPSS
3.5%
CVE-2019-1003044 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins CSRF Slack Notification
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2019-5674 HIGH PATCH This Week

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. Rated high severity (CVSS 7.0).

Nvidia Denial Of Service RCE Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2019-6607 MEDIUM This Month

On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE CSRF Big Ip Application Security Manager
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2019-6604 MEDIUM This Month

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Edge Gateway +10
NVD
CVSS 3.0
6.8
EPSS
1.0%
CVE-2019-1003047 MEDIUM PATCH This Month

A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Fortify On Demand Uploader
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1003046 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Fortify On Demand Uploader
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-1003045 MEDIUM PATCH This Month

A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ecs Publisher
NVD
CVSS 3.1
6.5
EPSS
1.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy