Skip to main content
CVE-2019-11383 CRITICAL POC Act Now

An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Wifi Ftp Server
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11384 CRITICAL POC Act Now

The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Zalora
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2019-11450 CRITICAL POC Act Now

whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Whatsns
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11448 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.4%
CVE-2019-11395 CRITICAL POC THREAT Act Now

A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Mailcarrier
NVD
CVSS 3.0
9.8
EPSS
14.6%
CVE-2019-11393 CRITICAL POC Act Now

An issue was discovered in /admin/users/update in M/Monit before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Monit
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-11456 HIGH POC This Week

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Gila Cms
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-11447 HIGH POC THREAT This Week

An issue was discovered in CutePHP CuteNews 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Cutenews
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.9%
CVE-2019-11446 HIGH POC This Week

An issue was discovered in ATutor through 2.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.9%
CVE-2019-11416 HIGH POC This Week

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Iwr 3000N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.9%
CVE-2019-11414 HIGH POC This Week

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iwr 3000N Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-11455 HIGH POC PATCH This Week

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Monit Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
3.1%
CVE-2019-8452 HIGH POC This Week

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Checkpoint Endpoint Security Zonealarm
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-5427 HIGH POC PATCH This Week

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure C3P0 Fedora Communications Ip Service Activator Communications Session Route Manager +7
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2019-11415 HIGH POC THREAT This Week

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Iwr 3000N Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.7%
CVE-2019-11405 HIGH POC PATCH This Week

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Openapi Generator
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2019-11452 HIGH POC This Week

whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Whatsns
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-11451 HIGH POC This Week

whatsns 4.0 allows index.php?inform/add.html qid SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Whatsns
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-11445 HIGH POC THREAT This Week

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openkm
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
14.5%
CVE-2019-11444 HIGH POC THREAT This Week

An issue was discovered in Liferay Portal CE 7.1.2 GA3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Liferay Portal
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
12.8%
CVE-2019-11401 HIGH POC PATCH This Week

A issue was discovered in SiteServer CMS 6.9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Siteserver Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.9%
CVE-2019-9955 MEDIUM POC PATCH THREAT This Month

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Atp200 Firmware Atp500 Firmware Atp800 Firmware +18
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
20.9%
CVE-2019-11454 MEDIUM POC PATCH This Month

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Monit Ubuntu Linux Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2019-11449 MEDIUM POC This Month

I, Librarian 4.10 has XSS via the notes.php notes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP I Librarian
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11428 MEDIUM POC This Month

I, Librarian 4.10 has XSS via the export.php export_files parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP I Librarian
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11427 MEDIUM POC This Month

An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11426 MEDIUM POC This Month

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11404 MEDIUM POC PATCH This Month

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Arrow
NVD GitHub
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-3899 CRITICAL Act Now

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Heketi
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-11418 CRITICAL Act Now

apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tew 632Brp Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11417 CRITICAL Act Now

system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tv Ip110Wn Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11411 CRITICAL PATCH Act Now

An issue was discovered in Artifex MuJS 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mujs
NVD GitHub
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-11403 CRITICAL Act Now

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Cache Node Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-11402 CRITICAL Act Now

In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-11235 CRITICAL PATCH Act Now

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Fedora Enterprise Linux Enterprise Linux Eus +6
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-11234 CRITICAL Act Now

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius Fedora Enterprise Linux Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2019-11460 CRITICAL PATCH Act Now

An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnome Desktop
NVD
CVSS 3.0
9.0
EPSS
2.0%
CVE-2019-10248 HIGH PATCH This Week

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Vorto
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2019-11243 HIGH PATCH This Week

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kubernetes Trident
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2019-11461 HIGH This Week

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Nautilus
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-6157 HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware Flex System X240 M5 Firmware Flex System X280 X6 Firmware +34
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-6155 HIGH This Week

A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Bladecenter Hs23 Firmware System X3530 M4 Firmware System X3630 M4 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-11413 HIGH PATCH This Week

An issue was discovered in Artifex MuJS 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mujs
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-11412 HIGH PATCH This Week

An issue was discovered in Artifex MuJS 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mujs Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-0218 MEDIUM This Month

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pony Mail
NVD
CVSS 3.0
6.1
EPSS
5.1%
CVE-2019-10241 MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jetty Debian Linux Activemq Drill +3
NVD
CVSS 3.1
6.1
EPSS
9.6%
CVE-2019-3902 MEDIUM PATCH This Month

A flaw was found in Mercurial before 4.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Mercurial Debian Linux Enterprise Linux
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2019-11459 MEDIUM PATCH This Month

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Evince Ubuntu Linux Fedora Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-10247 MEDIUM PATCH This Month

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Oncommand System Manager Snap Creator Framework Snapcenter +22
NVD
CVSS 3.1
5.3
EPSS
5.8%
CVE-2019-10246 MEDIUM PATCH This Month

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Jetty Oncommand System Manager Snap Creator Framework +22
NVD
CVSS 3.1
5.3
EPSS
4.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy