Skip to main content
CVE-2019-5421 CRITICAL POC PATCH Act Now

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devise
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-10673 HIGH POC This Week

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE CSRF Ultimate Member
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-10240 HIGH POC PATCH This Week

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Hawkbit
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2019-10723 MEDIUM POC This Month

An issue was discovered in PoDoFo 0.9.6. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-10261 MEDIUM POC This Month

CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centos Web Panel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.4%
CVE-2019-4014 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5423 HIGH PATCH This Week

Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Path Traversal Http Live Simulator
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-5422 MEDIUM This Month

XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Node.js Buttle
NVD
CVSS 3.0
6.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy