Skip to main content
CVE-2019-9193 HIGH POC THREAT Act Now

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PostgreSQL Microsoft Apple RCE
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
91.9%
CVE-2019-6715 HIGH POC THREAT This Week

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure W3 Total Cache
NVD
CVSS 3.1
7.5
EPSS
19.4%
CVE-2019-3836 HIGH POC This Week

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls Fedora Leap
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2019-5514 HIGH This Week

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Fusion
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-9132 HIGH This Week

Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Kakaotalk
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-5890 HIGH This Week

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Geocall
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-8956 HIGH PATCH This Week

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-3792 HIGH PATCH This Week

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Concourse
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-3489 HIGH This Week

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Content Manager
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-5889 HIGH This Week

An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Geocall
NVD
CVSS 3.1
7.5
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy