Skip to main content
CVE-2019-11196 CRITICAL POC Act Now

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Integrated University Management System
NVD
CVSS 3.0
9.8
EPSS
6.3%
CVE-2019-10880 CRITICAL Act Now

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Colorqube 8700 Firmware Colorqube 8900 Firmware Colorqube 9301 Firmware Colorqube 9302 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
8.5%
CVE-2019-11190 MEDIUM POC PATCH This Month

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus. Rated medium severity (CVSS 4.7). Public exploit code available.

Authentication Bypass Race Condition Linux Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2019-11213 HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2019-11191 LOW POC Monitor

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Authentication Bypass Race Condition Linux Linux Kernel
NVD
CVSS 3.0
2.5
EPSS
0.5%
CVE-2019-1574 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Expedition Migration Tool
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy