Skip to main content
CVE-2019-7746 HIGH POC This Week

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
1.1%
CVE-2019-10869 HIGH POC THREAT This Week

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal WordPress Ninja Forms File Uploads
NVD
CVSS 3.1
8.1
EPSS
13.0%
CVE-2019-10742 HIGH POC PATCH MAL This Week

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Axios
NVD GitHub
CVSS 3.0
7.5
EPSS
6.0%
CVE-2019-7443 HIGH PATCH This Week

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Kauth Leap Backports Fedora
NVD
CVSS 3.0
8.1
EPSS
2.4%
CVE-2019-11810 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.5
EPSS
5.8%
CVE-2019-4208 HIGH PATCH This Week

IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Tririga Application Platform
NVD
CVSS 3.1
7.1
EPSS
1.9%
CVE-2019-11811 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.4. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy