Skip to main content
CVE-2019-11078 HIGH POC This Week

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Mkcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-11077 HIGH POC This Week

FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Fastadmin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-9975 HIGH POC This Week

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-3914 HIGH POC THREAT This Week

Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fios Quantum Gateway G1100 Firmware
NVD
CVSS 3.0
7.2
EPSS
29.9%
CVE-2019-6525 HIGH This Week

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wonderware System Platform
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-9056 HIGH This Week

An issue was discovered in CMS Made Simple 2.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-9976 HIGH This Week

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure H660Rm Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-6610 HIGH This Week

On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2019-3845 HIGH This Week

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Satellite
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2019-6534 HIGH PATCH This Week

The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sentinel Ultrapro Client Library
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-5024 HIGH This Week

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartlinx Neuron 2 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2019-9628 HIGH This Week

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xmltooling Ubuntu Linux Leap
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-3916 HIGH This Week

Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fios Quantum Gateway G1100 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-3915 HIGH This Week

Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Fios Quantum Gateway G1100 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy