Skip to main content
CVE-2019-3702 HIGH POC This Week

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Icon 300 Firmware Icon 500 Firmware Icon 700 Firmware
NVD
CVSS 3.0
8.8
EPSS
5.3%
CVE-2019-11886 HIGH POC This Week

The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visual Css Style Editor
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-12083 HIGH POC This Week

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Rust Fedora Leap
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2019-11600 HIGH POC THREAT This Week

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Openproject
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
80.0%
CVE-2019-7217 HIGH POC This Week

Citrix ShareFile before 19.12 allows User Enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Sharefile
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-9727 HIGH POC This Week

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ccu3 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-9726 HIGH POC THREAT This Week

Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ccu3 Firmware
NVD
CVSS 3.0
7.5
EPSS
15.7%
CVE-2019-7404 HIGH POC This Week

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gamp 7100 Firmware Gapm 7200 Firmware Gapm 8000 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12041 HIGH POC PATCH This Week

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Remarkable
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-8342 HIGH This Week

A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Foxit Reader
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-10050 HIGH PATCH This Week

A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-1862 HIGH This Week

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe
NVD
CVSS 3.0
7.2
EPSS
5.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy