Skip to main content
CVE-2019-7745 CRITICAL POC Act Now

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-7564 CRITICAL POC Act Now

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rt3052 Firmware Rt3050 Firmware Wm3300 Firmware Rt7620 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-7746 HIGH POC This Week

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
1.1%
CVE-2019-10869 HIGH POC THREAT This Week

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal WordPress Ninja Forms File Uploads
NVD
CVSS 3.1
8.1
EPSS
13.0%
CVE-2019-10742 HIGH POC PATCH MAL This Week

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Axios
NVD GitHub
CVSS 3.0
7.5
EPSS
6.0%
CVE-2019-7687 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-7541 MEDIUM POC This Month

Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.2%
CVE-2019-7427 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2019-7426 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2019-10712 CRITICAL Act Now

The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 750 830 Firmware 750 849 Firmware 750 871 Firmware 750 872 Firmware +12
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-11560 CRITICAL Act Now

A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Hi3516 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-9708 MEDIUM POC This Month

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2019-7443 HIGH PATCH This Week

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Kauth Leap Backports Fedora
NVD
CVSS 3.0
8.1
EPSS
2.4%
CVE-2019-11810 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.5
EPSS
5.8%
CVE-2019-4208 HIGH PATCH This Week

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Tririga Application Platform
NVD
CVSS 3.1
7.1
EPSS
1.9%
CVE-2019-11811 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.4. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2019-11629 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus Repository Manager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-9709 MEDIUM This Month

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mahara
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-11808 LOW PATCH Monitor

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Ratpack
NVD GitHub
CVSS 3.0
3.7
EPSS
1.3%
CVE-2019-4207 LOW PATCH Monitor

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Tririga Application Platform
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy