Skip to main content
CVE-2019-9618 CRITICAL POC THREAT Act Now

The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Gracemedia Media Player
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
40.8%
CVE-2019-7690 CRITICAL POC Act Now

In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mobaxterm
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-3702 HIGH POC This Week

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Icon 300 Firmware Icon 500 Firmware Icon 700 Firmware
NVD
CVSS 3.0
8.8
EPSS
5.3%
CVE-2019-11886 HIGH POC This Week

The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visual Css Style Editor
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-12083 HIGH POC This Week

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Rust Fedora Leap
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2019-11600 HIGH POC THREAT This Week

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Openproject
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
80.0%
CVE-2019-7217 HIGH POC This Week

Citrix ShareFile before 19.12 allows User Enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Sharefile
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-9727 HIGH POC This Week

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ccu3 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-9726 HIGH POC THREAT This Week

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ccu3 Firmware
NVD
CVSS 3.0
7.5
EPSS
15.7%
CVE-2019-7404 HIGH POC This Week

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gamp 7100 Firmware Gapm 7200 Firmware Gapm 8000 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12041 HIGH POC PATCH This Week

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Remarkable
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-12047 MEDIUM POC This Month

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "<img src=# onerror='eval(new. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Gridea
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-7409 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Profiledesign Cms
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-12043 MEDIUM POC PATCH This Month

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Remarkable
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7218 MEDIUM POC This Month

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Google Sharefile
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2019-3684 MEDIUM POC This Month

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-10053 CRITICAL PATCH Act Now

An issue was discovered in Suricata 4.1.x before 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11680 CRITICAL PATCH Act Now

KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Konakart
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-11888 CRITICAL PATCH Act Now

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Go
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-7411 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Launcher
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-11429 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions >. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webpanel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
5.9%
CVE-2019-8342 HIGH This Week

A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Foxit Reader
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-10050 HIGH PATCH This Week

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-1862 HIGH This Week

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.0
7.2
EPSS
5.5%
CVE-2019-8350 MEDIUM This Month

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Better Banking
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2019-1649 MEDIUM This Month

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Asa 5500 Firmware Firepower 2100 Firmware Firepower 4000 Firmware +24
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2019-8952 MEDIUM This Month

A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Divar Ip 2000 Firmware Divar Ip 5000 Firmware Video Management System Video Recording Manager
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-8951 MEDIUM This Month

An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Divar Ip 2000 Firmware Divar Ip 5000 Firmware Video Management System Video Recording Manager
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-4259 MEDIUM This Month

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy