Skip to main content
CVE-2019-10867 HIGH POC PATCH THREAT Act Now

An issue was discovered in Pimcore before 5.7.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Deserialization Pimcore
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
69.4%
CVE-2019-10842 CRITICAL POC PATCH Act Now

Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Bootstrap Sass
NVD GitHub
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-10863 HIGH POC THREAT This Week

A command injection vulnerability exists in TeemIp versions before 2.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Command Injection Teemip
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
13.4%
CVE-2019-10856 MEDIUM POC PATCH This Month

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Notebook
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-6553 CRITICAL Act Now

A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Rockwell Rslinx
NVD
CVSS 3.1
9.8
EPSS
50.0%
CVE-2019-10844 CRITICAL PATCH Act Now

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Neural Network Libraries
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-3886 MEDIUM POC This Month

An incorrect permissions check was discovered in libvirt 4.8.0 and above. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Libvirt Leap Fedora
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-7001 HIGH This Week

A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft Information Disclosure Ip Office Contact Center
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-10299 HIGH This Week

Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudcoreo Deploytime
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10298 HIGH This Week

Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10297 HIGH This Week

Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sametime
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10296 HIGH This Week

Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Serena Sra Deploy
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10295 HIGH This Week

Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Crittercism Dsym
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10294 HIGH This Week

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Kmap
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10291 HIGH PATCH This Week

Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Netsparker Cloud Scan
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10288 HIGH This Week

Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jabber Server
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10287 HIGH PATCH This Week

Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Youtrack Plugin
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10286 HIGH PATCH This Week

Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Deployhub
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10285 HIGH This Week

Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Minio Storage
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10284 HIGH This Week

Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Diawi Upload
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10283 HIGH PATCH This Week

Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Mabl
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10282 HIGH PATCH This Week

Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Klaros Testmanagement
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10281 HIGH This Week

Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Relution Enterprise Appstore Publisher
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10280 HIGH PATCH This Week

Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Assembla Auth
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10277 HIGH This Week

Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Starteam
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-1003075 HIGH This Week

Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Audit To Database
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003074 HIGH This Week

Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hyper Sh Commons
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003073 HIGH This Week

Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Vs Team Services Continuous Deployment
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003072 HIGH This Week

Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Wildfly Deployer
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003071 HIGH PATCH This Week

Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Octopusdeploy
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003070 HIGH This Week

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Veracode Scanner
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003069 HIGH PATCH This Week

Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Security Scanner
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003068 HIGH This Week

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins VMware Information Disclosure Vmware Vrealize Automation
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003067 HIGH This Week

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Trac Publisher
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003066 HIGH This Week

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Bugzilla
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003065 HIGH This Week

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure Cloudshare Docker Machine
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003064 HIGH PATCH This Week

Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aws Device Farm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003063 HIGH PATCH This Week

Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Amazon Sns Build Notifier
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003062 HIGH This Week

Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aws Cloudwatch Logs Publisher
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003061 HIGH This Week

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jenkins Cloudformation Plugin
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003060 HIGH This Week

Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Official Owasp Zap
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003057 HIGH This Week

Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Bitbucket Approve
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003056 HIGH This Week

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Websphere Deployer
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003055 HIGH This Week

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ftp Publisher
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003054 HIGH This Week

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Jira Issue Updater
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003053 HIGH This Week

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hockeyapp
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003052 HIGH This Week

Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Jenkins Information Disclosure Aws Elastic Beanstalk Publisher
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003051 HIGH This Week

Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Irc
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10273 MEDIUM POC This Month

Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
7.8%
CVE-2019-1828 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Rv320 Firmware Rv325 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy