Skip to main content
CVE-2019-9670 CRITICAL POC KEV PATCH THREAT Act Now

Synacor Zimbra Collaboration Suite 8.7.x contains an XML External Entity (XXE) injection vulnerability in the Autodiscover endpoint that allows unauthenticated attackers to read files and achieve server-side request forgery.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2019-9858 HIGH POC THREAT Act Now

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Groupware Debian Linux
NVD
CVSS 3.1
8.8
EPSS
19.2%
CVE-2019-11872 HIGH POC This Week

The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Hustle
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-12452 HIGH POC PATCH This Week

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Traefik
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-12347 MEDIUM POC PATCH THREAT This Month

In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Pfsense
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
58.6%
CVE-2019-6980 CRITICAL Act Now

Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Zimbra Collaboration Suite
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-6957 CRITICAL Act Now

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Access Professional Edition Bosch Video Client Bosch Video Management System +10
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-9732 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9485 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12450 CRITICAL PATCH Act Now

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Glib Debian Linux Enterprise Linux Enterprise Linux Eus +5
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-12165 CRITICAL Act Now

MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micollab Micollab Audio Web Video Conferencing
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-9218 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12440 CRITICAL PATCH Act Now

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Rocks
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-6958 CRITICAL Act Now

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Professional Edition Bosch Video Client Bosch Video Management System Building Integration System +7
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2019-9865 HIGH This Week

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow RCE Vxworks
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2019-12448 HIGH This Week

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Gvfs
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-11893 HIGH This Week

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Smart Home Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2019-11892 HIGH This Week

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Home Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2019-11891 HIGH This Week

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Home Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2019-12439 HIGH PATCH This Week

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Bubblewrap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-4256 HIGH PATCH This Week

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-12447 HIGH PATCH This Week

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gvfs Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
7.3
EPSS
1.8%
CVE-2019-6321 HIGH PATCH This Week

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware Z4 G4 Core X Workstation Firmware Z6 G4 Workstation Firmware +1
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-11896 HIGH This Week

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Smart Home Controller Firmware
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2019-6322 MEDIUM PATCH This Month

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware Z4 G4 Core X Workstation Firmware Z6 G4 Workstation Firmware +1
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2019-6981 MEDIUM This Month

Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zimbra Collaboration Suite
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-9866 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-7129 MEDIUM This Month

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager Forms
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-4137 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-4264 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-4138 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Control
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2019-11894 MEDIUM This Month

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Home Controller Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-12449 MEDIUM PATCH This Month

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gvfs Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
5.7
EPSS
1.8%
CVE-2019-9221 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-4184 MEDIUM PATCH This Month

IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-4139 MEDIUM PATCH This Month

IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Analytics
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-11895 MEDIUM This Month

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Smart Home Controller Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-7549 MEDIUM This Month

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy