Skip to main content
CVE-2019-2725 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Oracle Agile Plm Communications Converged Application Server Peoplesoft Enterprise Peopletools +5
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2019-11539 HIGH POC KEV THREAT Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Command Injection Connect Secure Policy Secure Pulse Policy Secure
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
98.6%
CVE-2019-9792 CRITICAL POC THREAT Act Now

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Thunderbird +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.2%
CVE-2019-9791 CRITICAL POC THREAT Act Now

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Thunderbird +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.8%
CVE-2019-11540 CRITICAL POC Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2019-11557 HIGH POC This Week

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress CSRF Wp Form Builder
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-9810 HIGH POC THREAT This Week

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird Enterprise Linux +3
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
29.5%
CVE-2019-3844 HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Ubuntu Linux Hci Management Node Snapprotect +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-3843 HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora Ubuntu Linux Hci Management Node +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-11493 HIGH POC This Week

VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Verypdf
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-11538 HIGH POC This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure
NVD
CVSS 3.1
7.7
EPSS
7.4%
CVE-2019-9809 HIGH POC This Week

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-11542 HIGH POC THREAT This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Buffer Overflow Memory Corruption Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.1
7.2
EPSS
66.1%
CVE-2019-0186 MEDIUM POC PATCH THREAT This Month

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apache Pluto
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
20.6%
CVE-2019-3707 CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-3706 CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-3705 CRITICAL Act Now

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell RCE Idrac6 Firmware Idrac7 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2019-9805 CRITICAL Act Now

A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-9804 CRITICAL Act Now

In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Command Injection Firefox
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9796 CRITICAL Act Now

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Information Disclosure Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-9795 CRITICAL Act Now

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9794 CRITICAL Act Now

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9790 CRITICAL Act Now

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9789 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 65. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2019-9788 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +5
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-9813 HIGH POC This Week

Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Memory Corruption Firefox Thunderbird
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.4%
CVE-2019-9807 MEDIUM POC This Month

When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2019-11219 HIGH This Week

The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ilnkp2P
NVD
CVSS 3.0
8.2
EPSS
1.8%
CVE-2019-7476 HIGH This Week

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Sonicwall Global Management System
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-11220 HIGH This Week

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ilnkp2P
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-6689 HIGH This Week

An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Tidal Workload Automation
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-11492 HIGH This Week

ProjectSend before r1070 writes user passwords to the server logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Projectsend
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9806 HIGH This Week

A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9802 HIGH This Week

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9799 HIGH This Week

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-11541 HIGH This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-9803 HIGH This Week

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2019-9798 HIGH This Week

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2019-11533 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Projectsend
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-11543 MEDIUM This Month

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2019-11555 MEDIUM PATCH This Month

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Hostapd Wpa Supplicant
NVD
CVSS 3.0
5.9
EPSS
3.3%
CVE-2019-9793 MEDIUM This Month

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2019-9808 MEDIUM This Month

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2019-9801 MEDIUM This Month

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-9797 MEDIUM This Month

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy