Skip to main content
CVE-2019-11510 CRITICAL POC KEV PATCH THREAT Act Now

Pulse Secure Pulse Connect Secure contains a pre-authentication arbitrary file reading vulnerability that allows unauthenticated remote attackers to read any file from the VPN appliance, including cached credentials and session tokens.

NVD Exploit-DB
CVSS 3.1
10.0
EPSS
94.4%
Threat
9.8
CVE-2019-7442 CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Hashicorp Enterprise Password Vault
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
40.0%
CVE-2019-5021 CRITICAL POC Act Now

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Docker Alpine Leap Big Ip Controller
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-8387 CRITICAL POC THREAT Act Now

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Master Ip Camera01 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
55.7%
CVE-2019-11815 HIGH POC PATCH This Week

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Linux Information Disclosure Linux Kernel Ubuntu Linux +12
NVD GitHub
CVSS 3.1
8.1
EPSS
4.5%
CVE-2019-11819 HIGH POC PATCH This Week

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Opencms
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-11508 HIGH POC PATCH THREAT This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ivanti Path Traversal RCE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
15.0%
CVE-2019-11406 MEDIUM POC PATCH This Month

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Subrion Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11398 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ulicms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2019-11507 MEDIUM POC PATCH This Month

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ivanti Connect Secure
NVD
CVSS 3.1
6.1
EPSS
4.1%
CVE-2019-11818 MEDIUM POC PATCH This Month

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11564 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Humhub
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2019-8349 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2019-2047 CRITICAL Act Now

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-2046 CRITICAL Act Now

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-2045 CRITICAL Act Now

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-9505 CRITICAL Act Now

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Print Management
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-8285 HIGH This Week

Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Antivirus Engine
NVD
CVSS 3.0
8.8
EPSS
4.4%
CVE-2019-2044 HIGH This Week

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-11642 HIGH This Week

A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Oneshield Policy
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-2054 HIGH This Week

In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-2050 HIGH This Week

In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2019-2049 HIGH This Week

In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Memory Corruption Google +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-11494 HIGH This Week

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dovecot Fedora Leap
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-11458 HIGH PATCH This Week

An issue was discovered in SmtpTransport in CakePHP 3.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Cakephp
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-2052 HIGH This Week

In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2019-2051 HIGH This Week

In heap of spaces.h, there is a possible out of bounds read due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2019-11499 HIGH This Week

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dovecot Fedora Leap
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-2043 HIGH This Week

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.3
EPSS
0.2%
CVE-2019-5014 MEDIUM This Month

An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fw 1007 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-11814 MEDIUM PATCH This Month

An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11812 MEDIUM PATCH This Month

A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11813 MEDIUM PATCH This Month

An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11643 MEDIUM This Month

Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oneshield Policy
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11550 MEDIUM PATCH This Month

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2019-11561 MEDIUM This Month

The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service H4 Plus Firmware Awv Plus Firmware G5W 3G Firmware G5 Plus Firmware +6
NVD GitHub
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-9698 MEDIUM This Month

Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Antivirus Engine
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-2053 MEDIUM This Month

In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy