Skip to main content
CVE-2019-10123 CRITICAL POC THREAT Emergency

SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Logistic Software
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
65.8%
CVE-2019-9653 CRITICAL POC THREAT Act Now

NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Network Video Recorder Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
11.5%
CVE-2019-9106 CRITICAL POC Act Now

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Tebe Small Firmware Webapp
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-9891 CRITICAL POC Act Now

The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Privilege Escalation RCE Advanced Bash Scripting Guide
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-9874 CRITICAL POC KEV THREAT Act Now

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE Deserialization Cms Experience Platform
NVD
CVSS 3.1
9.8
EPSS
83.9%
CVE-2019-9871 CRITICAL POC Act Now

Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Fm K75 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
5.8%
CVE-2019-9875 HIGH POC KEV THREAT This Week

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE Deserialization Cms
NVD
CVSS 3.1
8.8
EPSS
14.2%
CVE-2019-12502 HIGH POC This Week

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF S14 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-9105 HIGH POC This Week

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Tebe Small Firmware Webapp
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-10049 HIGH POC This Week

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pydio
NVD
CVSS 3.0
7.3
EPSS
1.2%
CVE-2019-10048 HIGH POC This Week

The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pydio
NVD
CVSS 3.0
7.2
EPSS
3.3%
CVE-2019-12493 HIGH POC This Week

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
7.1
EPSS
1.3%
CVE-2019-10045 MEDIUM POC This Month

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Pydio
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-12500 MEDIUM POC This Month

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass M365 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-10328 CRITICAL PATCH Act Now

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pipeline Remote Loader
NVD
CVSS 3.0
9.9
EPSS
1.9%
CVE-2019-6725 CRITICAL Act Now

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel P 660Hn T1 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-10069 CRITICAL Act Now

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Godot
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-12495 MEDIUM POC PATCH This Month

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Tinycc
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-10047 MEDIUM POC This Month

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pydio
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-10046 MEDIUM POC This Month

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pydio
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-10329 HIGH PATCH This Week

Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Influxdb
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10323 MEDIUM POC This Month

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jenkins Artifactory
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2019-10322 MEDIUM POC This Month

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jenkins Artifactory
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-10327 HIGH PATCH This Week

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins Pipeline Maven Integration
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2019-12499 HIGH PATCH This Week

Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Firejail
NVD GitHub
CVSS 3.0
8.1
EPSS
2.0%
CVE-2019-5678 HIGH PATCH This Week

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Information Disclosure RCE Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-10038 HIGH POC This Week

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Evernote
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-10981 HIGH PATCH This Week

In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Citectscada Scada Expert Vijeo Citect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-10330 HIGH PATCH This Week

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Gitea
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-12496 HIGH PATCH This Week

An issue was discovered in Hybrid Group Gobot before 1.13.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gobot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-10324 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Artifactory
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-12507 MEDIUM PATCH This Month

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Phprelativepath
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-10325 MEDIUM PATCH This Month

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Warnings Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-10326 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Warnings Next Generation
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-10321 MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Artifactory
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy