Skip to main content
CVE-2019-9858 HIGH POC THREAT Act Now

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Groupware Debian Linux
NVD
CVSS 3.1
8.8
EPSS
19.2%
CVE-2019-11872 HIGH POC This Week

The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Hustle
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-12452 HIGH POC PATCH This Week

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Traefik
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-9865 HIGH This Week

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow RCE Vxworks
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2019-12448 HIGH This Week

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Gvfs
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-11893 HIGH This Week

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Smart Home Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2019-11892 HIGH This Week

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Home Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2019-11891 HIGH This Week

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Home Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2019-12439 HIGH PATCH This Week

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Bubblewrap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-4256 HIGH PATCH This Week

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-12447 HIGH PATCH This Week

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gvfs Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
7.3
EPSS
1.8%
CVE-2019-6321 HIGH PATCH This Week

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure Z4 G4 Workstation Firmware Z4 G4 Core X Workstation Firmware Z6 G4 Workstation Firmware +1
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-11896 HIGH This Week

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Smart Home Controller Firmware
NVD
CVSS 3.1
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy