Skip to main content
CVE-2019-11456 HIGH POC This Week

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Gila Cms
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-11447 HIGH POC THREAT This Week

An issue was discovered in CutePHP CuteNews 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Cutenews
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.9%
CVE-2019-11446 HIGH POC This Week

An issue was discovered in ATutor through 2.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.9%
CVE-2019-11416 HIGH POC This Week

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Iwr 3000N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.9%
CVE-2019-11414 HIGH POC This Week

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iwr 3000N Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-11455 HIGH POC PATCH This Week

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Monit Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
3.1%
CVE-2019-8452 HIGH POC This Week

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Checkpoint Endpoint Security Zonealarm
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-5427 HIGH POC PATCH This Week

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure C3P0 Fedora Communications Ip Service Activator Communications Session Route Manager +7
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2019-11415 HIGH POC THREAT This Week

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Iwr 3000N Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.7%
CVE-2019-11405 HIGH POC PATCH This Week

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Openapi Generator
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2019-11452 HIGH POC This Week

whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Whatsns
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-11451 HIGH POC This Week

whatsns 4.0 allows index.php?inform/add.html qid SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Whatsns
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-11445 HIGH POC THREAT This Week

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Openkm
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
14.5%
CVE-2019-11444 HIGH POC THREAT This Week

An issue was discovered in Liferay Portal CE 7.1.2 GA3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Liferay Portal
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
12.8%
CVE-2019-11401 HIGH POC PATCH This Week

A issue was discovered in SiteServer CMS 6.9.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Siteserver Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.9%
CVE-2019-10248 HIGH PATCH This Week

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Vorto
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2019-11243 HIGH PATCH This Week

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kubernetes Trident
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2019-11461 HIGH This Week

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Nautilus
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-6157 HIGH PATCH This Week

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Lenovo Information Disclosure Flex System X240 M4 Firmware Flex System X240 M5 Firmware Flex System X280 X6 Firmware +34
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-6155 HIGH This Week

A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Bladecenter Hs23 Firmware System X3530 M4 Firmware System X3630 M4 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2019-11413 HIGH PATCH This Week

An issue was discovered in Artifex MuJS 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mujs
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-11412 HIGH PATCH This Week

An issue was discovered in Artifex MuJS 1.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mujs Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy