Skip to main content
CVE-2019-10888 HIGH POC This Week

A CSRF Issue that can add an admin user was discovered in UKcms v1.1.10 via admin.php/admin/role/add.html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Ukcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-10874 HIGH POC PATCH This Week

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE CSRF Bolt
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
4.5%
CVE-2019-10872 HIGH POC This Week

An issue was discovered in Poppler 0.74.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Poppler
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2019-10478 HIGH POC This Week

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Rbw 100 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
1.9%
CVE-2019-9489 HIGH PATCH Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management...

NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2019-9490 HIGH This Week

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-10884 HIGH This Week

Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Password Manager
NVD VulDB
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-10885 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-6554 HIGH This Week

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess
NVD
CVSS 3.1
7.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy