Skip to main content
CVE-2019-11489 HIGH POC This Week

Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simplybook
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-9900 HIGH POC This Week

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Openshift Service Mesh
NVD GitHub
CVSS 3.1
8.3
EPSS
3.7%
CVE-2019-11488 HIGH POC This Week

Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Simplybook
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2019-11518 HIGH POC This Week

An issue was discovered in SEMCMS 3.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-11537 MEDIUM POC This Month

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
4.6%
CVE-2019-9669 MEDIUM POC This Month

The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordfence
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-9901 CRITICAL PATCH Act Now

Envoy 1.9.0 and before does not normalize HTTP URL paths. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.0
10.0
EPSS
2.7%
CVE-2019-3801 CRITICAL Act Now

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java Cf Deployment Credhub Uaa Release
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2019-11519 MEDIUM POC PATCH This Month

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Nopcommerce
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11515 MEDIUM POC This Month

core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Gila Cms
NVD
CVSS 3.0
4.9
EPSS
2.1%
CVE-2019-11513 MEDIUM POC This Month

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-9139 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-9138 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-9137 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-9136 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-9135 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-3900 HIGH PATCH This Week

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux +11
NVD
CVSS 3.1
7.7
EPSS
4.4%
CVE-2019-3721 HIGH This Week

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Openmanage Server Administrator
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-11514 HIGH PATCH This Week

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Flarum
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-10955 MEDIUM This Month

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +3
NVD VulDB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2019-3788 MEDIUM This Month

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Uaa Release
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4092 MEDIUM This Month

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Content Navigator
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-11511 MEDIUM This Month

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-4238 MEDIUM This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4148 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4077 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4076 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4075 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4074 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4073 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4033 MEDIUM This Month

IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-3720 MEDIUM This Month

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dell Emc Openmanage Server Administrator
NVD
CVSS 3.1
4.9
EPSS
3.5%
CVE-2019-4222 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-4146 LOW Monitor

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
3.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy