Skip to main content
CVE-2019-8923 CRITICAL POC Act Now

XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xampp
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-10919 CRITICAL POC Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Logo 8 Bm Firmware
NVD
CVSS 3.1
9.4
EPSS
2.7%
CVE-2019-12099 HIGH POC PATCH THREAT This Week

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE Php Fusion
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
17.5%
CVE-2019-11328 HIGH POC PATCH This Week

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Singularity Fedora Backports Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-9861 HIGH POC This Week

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Secvest Wireless Alarm System Fuaa50000 Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2019-11336 HIGH POC This Week

Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Photo Sharing Plus
NVD
CVSS 3.0
8.1
EPSS
3.2%
CVE-2019-10921 HIGH POC This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-8404 MEDIUM POC This Month

An issue was discovered in Webiness Inventory 2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Webiness Inventory
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
8.0%
CVE-2019-11846 MEDIUM POC This Month

/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-11845 MEDIUM POC This Month

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sp 4510Dn Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-8391 MEDIUM POC This Month

qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qdpm
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.3%
CVE-2019-8390 MEDIUM POC This Month

qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qdpm
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
9.8%
CVE-2019-3568 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Google +3
NVD
CVSS 3.1
9.8
EPSS
39.2%
CVE-2019-10922 CRITICAL Act Now

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Simatic Pcs 7 Simatic Wincc
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-11419 MEDIUM POC This Month

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Google Denial Of Service Wechat
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
4.0%
CVE-2019-12087 MEDIUM POC This Month

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung S9 Firmware S10 Firmware Xcover 4 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-6572 CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2019-0301 HIGH This Week

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Identity Management
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-0280 HIGH This Week

SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Treasury And Risk Management
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-11204 HIGH This Week

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Spotfire Statistics Services
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-10918 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Wincc Simatic Wincc Tia Portal Simatic Wincc Runtime Professional
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-10916 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Simatic Pcs 7 Simatic Wincc Simatic Wincc Tia Portal Simatic Wincc Runtime Professional
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-8978 HIGH This Week

An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Banner Enterprise Identity Services Banner Web Tailor
NVD
CVSS 3.0
8.1
EPSS
5.9%
CVE-2019-10924 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Logo Soft Comfort
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-0287 HIGH This Week

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects
NVD
CVSS 3.0
7.6
EPSS
1.7%
CVE-2019-6578 HIGH This Week

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6Sr2 Firmware Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6Sr3 Firmware Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6Sr4 Firmware Sinamics Perfect Harmony Gh180 With Nxg Ii Control Mlfb 6Sr2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-6574 HIGH This Week

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6Sr2 Firmware Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6Sr3 Firmware Sinamics Perfect Harmony Gh180 With Nxg I Control Mlfb 6Sr4 Firmware Sinamics Perfect Harmony Gh180 With Nxg Ii Control Mlfb 6Sr2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-10920 HIGH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-0289 HIGH This Week

Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2019-6576 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-11397 MEDIUM This Month

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Rapid4 Net Framework
NVD
CVSS 3.0
6.5
EPSS
5.5%
CVE-2019-0293 MEDIUM This Month

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Sap Solution Manager System
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-0298 MEDIUM This Month

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP E Commerce
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11205 MEDIUM This Month

The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11844 MEDIUM This Month

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sp 4520Dn Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6516 MEDIUM This Month

An issue was discovered in WSO2 Dashboard Server 2.0.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Dashboard Server
NVD
CVSS 3.0
5.8
EPSS
1.6%
CVE-2019-0291 MEDIUM This Month

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Solution Manager
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-10917 MEDIUM This Month

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Wincc Simatic Wincc Tia Portal Simatic Wincc Runtime Professional
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-6577 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-11206 MEDIUM This Month

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-6515 MEDIUM PATCH This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Api Manager
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-6514 MEDIUM PATCH This Month

An issue was discovered in WSO2 Dashboard Server 2.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dashboard Server
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2019-6512 MEDIUM This Month

An issue was discovered in WSO2 API Manager 2.6.0. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Api Manager
NVD
CVSS 3.0
4.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy