Skip to main content
CVE-2019-10673 HIGH POC This Week

A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE CSRF Ultimate Member
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-10240 HIGH POC PATCH This Week

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Hawkbit
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2019-4014 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow IBM Microsoft RCE Db2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5423 HIGH PATCH This Week

Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Path Traversal Http Live Simulator
NVD
CVSS 3.0
7.5
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy