Skip to main content
CVE-2019-11365 CRITICAL POC PATCH Act Now

An issue was discovered in atftpd in atftp 0.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Atftp
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-11362 CRITICAL POC Act Now

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rocboss
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11378 HIGH POC This Week

An issue was discovered in ProjectSend r1053. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Projectsend
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2019-11377 HIGH POC This Week

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wcms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-11374 HIGH POC This Week

74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF 74Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.9%
CVE-2019-11376 HIGH POC This Week

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Soy Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2019-11375 MEDIUM POC This Month

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Msvod
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.6%
CVE-2019-11373 MEDIUM POC PATCH This Month

An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Mediainfo Fedora
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-11372 MEDIUM POC PATCH This Month

An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Mediainfo Fedora
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2019-11359 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP I Librarian
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-11358 MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2019-11366 MEDIUM POC PATCH This Month

An issue was discovered in atftpd in atftp 0.7.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Atftp
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2019-11371 CRITICAL Act Now

BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Burrow Wheeler Aligner
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy