Skip to main content
CVE-2019-11018 CRITICAL POC Act Now

application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Thinkadmin
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-11014 CRITICAL POC Act Now

The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Information Disclosure Eye4
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-11005 CRITICAL POC Act Now

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Graphicsmagick Leap
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2019-11006 CRITICAL POC Act Now

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Graphicsmagick Leap +1
NVD
CVSS 3.0
9.1
EPSS
2.9%
CVE-2019-11023 HIGH POC This Week

The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Graphviz
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2019-11008 HIGH POC This Week

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Graphicsmagick Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2019-11009 HIGH POC This Week

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Graphicsmagick Leap +1
NVD
CVSS 3.0
8.1
EPSS
2.4%
CVE-2019-0211 HIGH POC KEV PATCH THREAT This Week

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Use After Free Apache Memory Corruption Http Server +25
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
65.0%
CVE-2019-0667 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
31.3%
CVE-2019-11001 HIGH POC KEV THREAT This Week

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rlc 410W Firmware C1 Pro Firmware C2 Pro Firmware Rlc 422W Firmware +1
NVD GitHub
CVSS 3.1
7.2
EPSS
38.4%
CVE-2019-11026 MEDIUM POC This Month

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-11004 MEDIUM POC PATCH This Month

In Materialize through 1.0.0, XSS is possible via the Toast feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11003 MEDIUM POC PATCH This Month

In Materialize through 1.0.0, XSS is possible via the Autocomplete feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11002 MEDIUM POC PATCH This Month

In Materialize through 1.0.0, XSS is possible via the Tooltip feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Materialize CSS
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4155 CRITICAL Act Now

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation IBM Api Connect
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-10914 CRITICAL PATCH Act Now

pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Matrixssl
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-11024 MEDIUM POC This Month

The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-1798 MEDIUM POC This Month

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-1788 MEDIUM POC This Month

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav Leap Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-1787 MEDIUM POC This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav Debian Linux Leap
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-11025 MEDIUM POC This Month

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-0612 MEDIUM POC PATCH THREAT This Month

A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft RCE Edge
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
10.5%
CVE-2019-11007 HIGH This Week

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Graphicsmagick Backports Sle +3
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2019-4210 HIGH This Week

IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2019-0617 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
19.6%
CVE-2019-1785 HIGH This Week

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-0666 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.4%
CVE-2019-0665 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
8.3%
CVE-2019-0639 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
12.0%
CVE-2019-0611 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
9.2%
CVE-2019-0609 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Chakracore +2
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2019-0603 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.5
EPSS
34.2%
CVE-2019-0592 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
22.9%
CVE-2019-0217 HIGH PATCH This Week

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Race Condition Apache Http Server Debian Linux +11
NVD
CVSS 3.1
7.5
EPSS
17.7%
CVE-2019-0215 HIGH This Week

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Apache Http Server Fedora
NVD
CVSS 3.0
7.5
EPSS
10.5%
CVE-2019-0614 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
6.5
EPSS
6.6%
CVE-2019-11010 MEDIUM PATCH This Month

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2019-10845 MEDIUM This Month

An issue was discovered in Uniqkey Password Manager 1.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Manager
NVD VulDB
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-10676 MEDIUM This Month

An issue was discovered in Uniqkey Password Manager 1.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Password Manager
NVD VulDB
CVSS 3.0
6.5
EPSS
2.7%
CVE-2019-11016 MEDIUM PATCH This Month

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Elgg
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1786 MEDIUM This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-4143 MEDIUM This Month

The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-4051 MEDIUM This Month

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2019-4045 MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy