Skip to main content
CVE-2019-11223 CRITICAL POC Act Now

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE Supportcandy
NVD
CVSS 3.0
9.8
EPSS
8.8%
CVE-2019-11322 CRITICAL POC Act Now

An issue was discovered in Motorola CX2 1.01 and M2 1.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-11320 CRITICAL POC Act Now

In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11319 CRITICAL POC Act Now

An issue was discovered in Motorola CX2 1.01 and M2 1.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-11035 CRITICAL POC PATCH Act Now

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Buffer Overflow Information Disclosure Ubuntu Linux Storage Automation Store +3
NVD
CVSS 3.1
9.1
EPSS
4.4%
CVE-2019-11332 HIGH POC This Week

MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mkcms
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-3398 HIGH POC KEV PATCH THREAT This Week

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Atlassian Path Traversal RCE Confluence Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
97.2%
CVE-2019-11015 MEDIUM POC This Month

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Miui
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2019-9005 MEDIUM POC This Month

The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Path Traversal Power Scripts
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2019-10306 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Ontrack
NVD
CVSS 3.1
9.9
EPSS
2.4%
CVE-2019-9161 CRITICAL Act Now

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Command Injection Sundray Wan Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-9160 CRITICAL Act Now

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sundray Wan Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-11321 MEDIUM POC This Month

An issue was discovered in Motorola CX2 1.01 and M2 1.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-11034 CRITICAL PATCH Act Now

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

PHP Buffer Overflow Information Disclosure Ubuntu Linux Storage Automation Store +3
NVD
CVSS 3.1
9.1
EPSS
4.1%
CVE-2019-3718 HIGH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell CSRF Supportassist
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10893 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centos Web Panel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2019-11017 MEDIUM POC This Month

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Di 524 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2019-10303 HIGH PATCH This Week

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure Azure Publishersettings Credentials
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10302 HIGH PATCH This Week

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Jira Ext
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10301 HIGH PATCH This Week

A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1797 HIGH This Week

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Wireless Lan Controller Software
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-11331 HIGH This Week

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ntp
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2019-1841 HIGH This Week

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Center
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2019-3719 HIGH PATCH This Week

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity.

Dell RCE Supportassist
NVD
CVSS 3.1
8.0
EPSS
16.1%
CVE-2019-10300 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab CSRF
NVD
CVSS 3.0
8.0
EPSS
1.4%
CVE-2019-11324 HIGH PATCH This Week

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-3885 HIGH PATCH This Week

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Pacemaker Ubuntu Linux +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-8999 HIGH PATCH This Week

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Unified Endpoint Management
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1840 HIGH This Week

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Network Registrar
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-1837 HIGH This Week

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-1829 MEDIUM This Month

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Aironet Access Point Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-10305 MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xebialabs Xl Deploy
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-10304 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Xebialabs Xl Deploy
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-1834 MEDIUM This Month

A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet Access Point Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-1800 MEDIUM This Month

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-1799 MEDIUM This Month

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1796 MEDIUM This Month

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-1722 MEDIUM This Month

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway Series Telepresence Video Communication Server
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-1721 MEDIUM This Month

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-11084 MEDIUM This Month

GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gauth
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1792 MEDIUM This Month

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Umbrella
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-1826 MEDIUM This Month

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet Access Point Firmware
NVD
CVSS 3.0
5.7
EPSS
0.6%
CVE-2019-1725 MEDIUM This Month

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-1777 MEDIUM This Month

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-1719 MEDIUM This Month

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-1831 MEDIUM This Month

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2019-1794 MEDIUM This Month

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Server
NVD
CVSS 3.1
5.1
EPSS
0.4%
CVE-2019-1830 MEDIUM This Month

A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-1720 MEDIUM This Month

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100%. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
CVSS 3.0
4.9
EPSS
1.7%
CVE-2019-1802 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy