Skip to main content
CVE-2019-9193 HIGH POC THREAT Act Now

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PostgreSQL Microsoft Apple RCE
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
91.9%
CVE-2019-10684 CRITICAL POC Act Now

Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE 74Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-6715 HIGH POC THREAT This Week

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure W3 Total Cache
NVD
CVSS 3.1
7.5
EPSS
19.4%
CVE-2019-3836 HIGH POC This Week

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls Fedora Leap
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2019-10686 CRITICAL Act Now

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apollo
NVD GitHub
CVSS 3.0
10.0
EPSS
1.6%
CVE-2019-5523 CRITICAL Act Now

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation VMware Information Disclosure Vcloud Director
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-5891 CRITICAL Act Now

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Geocall
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-5514 HIGH This Week

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Fusion
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-9132 HIGH This Week

Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Kakaotalk
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-5890 HIGH This Week

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Geocall
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-8956 HIGH PATCH This Week

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-3792 HIGH PATCH This Week

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Concourse
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-3489 HIGH This Week

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Content Manager
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-5889 HIGH This Week

An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Geocall
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-5519 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Information Disclosure Fusion Workstation ESXi
NVD
CVSS 3.0
6.8
EPSS
1.0%
CVE-2019-5518 MEDIUM This Month

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2019-1002100 MEDIUM PATCH This Month

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
10.6%
CVE-2019-3876 MEDIUM This Month

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Openshift Container Platform
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2019-5888 MEDIUM This Month

Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Geocall
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-1002101 MEDIUM PATCH This Month

The kubectl cp command allows copying files between containers and the user machine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.0
5.5
EPSS
13.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy