Skip to main content
CVE-2019-11569 HIGH POC This Week

Veeam ONE Reporter 9.5.0.3201 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF One Reporter
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-10999 HIGH POC This Week

The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow D-Link Memory Corruption Dcs 930l Firmware +9
NVD GitHub
CVSS 3.0
8.8
EPSS
3.7%
CVE-2019-10249 HIGH POC PATCH This Week

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Xtend Xtext
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2019-11807 HIGH POC This Week

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress Woocommerce Checkout Manager
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-5432 HIGH POC PATCH This Week

A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mqtt Packet
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-5430 HIGH This Week

In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Video
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-3565 HIGH PATCH This Week

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-3564 HIGH PATCH This Week

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-3559 HIGH PATCH This Week

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-3558 HIGH PATCH This Week

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-3552 HIGH PATCH This Week

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy