Skip to main content
CVE-2019-12241 CRITICAL POC Act Now

The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Deserialization Carts Guru
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-12240 CRITICAL POC Act Now

The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Deserialization Virim
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-8352 CRITICAL POC Act Now

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Patrol Agent
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-12208 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12207 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-12206 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12219 HIGH POC This Week

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-12185 HIGH POC THREAT This Week

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Elabftw
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.1%
CVE-2019-12214 HIGH POC This Week

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Freeimage
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12212 HIGH POC This Week

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeimage
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-12211 HIGH POC This Week

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Freeimage Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2019-12198 HIGH POC This Week

In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gohttp
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-12239 HIGH POC This Week

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress CSRF Wp Booking System
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-12222 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2019-12221 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Sdl2 Image Simple Directmedia Layer Fedora +4
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-12220 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2019-12218 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-12217 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sdl2 Image Simple Directmedia Layer
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2019-12216 MEDIUM POC This Month

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Sdl2 Image Simple Directmedia Layer Fedora +2
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-12213 MEDIUM POC This Month

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeimage Ubuntu Linux Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-12215 MEDIUM POC This Month

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Matomo
NVD GitHub
CVSS 3.0
4.3
EPSS
1.2%
CVE-2019-11816 HIGH This Week

Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pfsense Opnsense
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2019-4058 MEDIUM This Month

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Bigfix Platform
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10078 MEDIUM PATCH This Month

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.0
6.1
EPSS
4.9%
CVE-2019-10077 MEDIUM PATCH This Month

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.0
6.1
EPSS
4.7%
CVE-2019-10076 MEDIUM PATCH This Month

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.0
6.1
EPSS
4.7%
CVE-2019-11809 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4011 MEDIUM This Month

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Bigfix Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4293 MEDIUM This Month

IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storwize Unified V7000 Software
NVD
CVSS 3.1
5.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy