Skip to main content
CVE-2019-11539 HIGH POC KEV THREAT Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Command Injection Connect Secure Policy Secure Pulse Policy Secure
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
98.6%
CVE-2019-11557 HIGH POC This Week

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress CSRF Wp Form Builder
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-9810 HIGH POC THREAT This Week

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird Enterprise Linux +3
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
29.5%
CVE-2019-3844 HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Ubuntu Linux Hci Management Node Snapprotect +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-3843 HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora Ubuntu Linux Hci Management Node +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-11493 HIGH POC This Week

VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Verypdf
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-11538 HIGH POC This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure
NVD
CVSS 3.1
7.7
EPSS
7.4%
CVE-2019-9809 HIGH POC This Week

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-11542 HIGH POC THREAT This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Buffer Overflow Memory Corruption Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.1
7.2
EPSS
66.1%
CVE-2019-9813 HIGH POC This Week

Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Memory Corruption Firefox Thunderbird
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.4%
CVE-2019-11219 HIGH This Week

The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ilnkp2P
NVD
CVSS 3.0
8.2
EPSS
1.8%
CVE-2019-7476 HIGH This Week

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Sonicwall Global Management System
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-11220 HIGH This Week

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ilnkp2P
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2019-6689 HIGH This Week

An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Tidal Workload Automation
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-11492 HIGH This Week

ProjectSend before r1070 writes user passwords to the server logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Projectsend
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9806 HIGH This Week

A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9802 HIGH This Week

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-9799 HIGH This Week

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-11541 HIGH This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-9803 HIGH This Week

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2019-9798 HIGH This Week

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy