Skip to main content
CVE-2019-10708 CRITICAL POC Act Now

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-10707 CRITICAL POC Act Now

MKCMS V5.0 has SQL injection via the bplay.php play parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mkcms
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-10692 CRITICAL POC PATCH THREAT Act Now

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Google Wp Go Maps
NVD
CVSS 3.1
9.8
EPSS
78.7%
CVE-2019-9759 CRITICAL POC Act Now

An issue was discovered in TONGDA Office Anywhere 10.18.190121. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft PHP Office Anywhere
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-1010260 HIGH POC PATCH This Week

Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Ktlint
NVD GitHub
CVSS 3.0
8.1
EPSS
1.5%
CVE-2019-10714 MEDIUM POC PATCH This Month

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-6506 CRITICAL Act Now

SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-7475 CRITICAL Act Now

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware Sonicwall Sonicos +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-5524 HIGH This Week

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Memory Corruption Fusion Workstation
NVD
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-5515 HIGH This Week

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow VMware RCE Memory Corruption +2
NVD
CVSS 3.0
8.8
EPSS
4.2%
CVE-2019-6531 HIGH This Week

An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Pr100088 Modbus Gateway Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-9946 HIGH PATCH This Week

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Portmap Cloud Insights
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7477 HIGH This Week

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure Sonicwall Sonicos +1
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-4043 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Sterling B2b Integrator
NVD
CVSS 3.1
7.1
EPSS
2.5%
CVE-2019-7474 MEDIUM This Month

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft VMware Information Disclosure Sonicwall Sonicos +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-4080 MEDIUM PATCH This Month

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2019-4093 MEDIUM This Month

IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Microsoft Information Disclosure Spectrum Protect
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy