Skip to main content
CVE-2019-4279 CRITICAL POC THREAT Emergency

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM RCE Deserialization Websphere Application Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
79.9%
CVE-2019-12160 CRITICAL POC Act Now

GoHTTP through 2017-07-25 has a sendHeader use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gohttp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12170 HIGH POC This Week

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Atutor
NVD GitHub
CVSS 3.0
8.8
EPSS
8.7%
CVE-2019-11057 HIGH POC This Week

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vtiger Crm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-12172 HIGH POC This Week

Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Apple RCE Typora
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-12086 HIGH POC PATCH THREAT This Week

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Deserialization Jackson Databind Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
21.9%
CVE-2019-8937 MEDIUM POC THREAT This Month

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hoteldruid
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
10.7%
CVE-2019-8929 MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
11.2%
CVE-2019-8928 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8927 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8926 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8924 MEDIUM POC This Month

XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xampp
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2019-12158 CRITICAL Act Now

GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Gohttp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11887 CRITICAL Act Now

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Simplybook
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-5953 CRITICAL Act Now

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Wget
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2019-5945 CRITICAL Act Now

Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-0172 CRITICAL Act Now

A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Intel Privilege Escalation Unite
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-0153 CRITICAL Act Now

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Converged Security Management Engine Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-8339 MEDIUM POC PATCH This Month

An issue was discovered in Falco through 0.14.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Use After Free Memory Corruption Falco
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-12163 MEDIUM POC This Month

{} in a ws/gatshipWs.asmx/SqlVersion request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web Module
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-7353 CRITICAL Act Now

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2019-5954 CRITICAL Act Now

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Jr East Japan
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2019-5883 CRITICAL Act Now

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2019-12161 HIGH This Week

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SSRF Webpagetest
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-5931 HIGH This Week

Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.0
8.7
EPSS
1.2%
CVE-2019-8925 MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
11.8%
CVE-2019-0096 HIGH This Week

Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Memory Corruption Active Management Technology Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2019-11644 HIGH This Week

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Security Computer Protection Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-5958 HIGH This Week

Untrusted search path vulnerability in Electronic reception and examination of application for radio licenses Offline 1.0.9.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electronic Reception And Examination Of Application For Radio Licenses
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-5957 HIGH This Week

Untrusted search path vulnerability in Installer of Electronic reception and examination of application for radio licenses Online 1.0.9.0 and earlier allows an attacker to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electronic Reception And Examination Of Application For Radio Licenses
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-11094 HIGH This Week

Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Nuc Kit Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11085 HIGH PATCH This Week

Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel I915 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-10139 HIGH This Week

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cockpit Ovirt
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-0171 HIGH PATCH This Week

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Intel Quartus Ii Quartus Prime
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-0138 HIGH This Week

Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Acu Wizard
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-0091 HIGH This Week

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Privilege Escalation Intel RCE Converged Security And Management Engine +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-0086 HIGH This Week

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-12159 HIGH This Week

GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gohttp
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-6797 HIGH This Week

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-6781 HIGH This Week

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-0132 HIGH This Week

Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Unite
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12168 HIGH This Week

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE F3X24 Firmware
NVD
CVSS 3.0
7.2
EPSS
5.0%
CVE-2019-5934 HIGH This Week

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2019-0090 HIGH This Week

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Intel Converged Security And Management Engine Server Platform Services
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2019-0099 MEDIUM This Month

Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Server Platform Services Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2019-0098 MEDIUM This Month

Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security Management Engine Firmware Trusted Execution Engine Firmware
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2019-0092 MEDIUM This Month

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Active Management Technology Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-11093 MEDIUM PATCH This Month

Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Scs Discovery Utility
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-0170 MEDIUM This Month

Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Converged Security Management Engine Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-0126 MEDIUM This Month

Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Xeon D 1649N Firmware Xeon D 1633N Firmware +46
NVD
CVSS 3.0
6.7
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy