Skip to main content
CVE-2019-9875 HIGH POC KEV THREAT This Week

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE Deserialization Cms
NVD
CVSS 3.1
8.8
EPSS
14.2%
CVE-2019-12502 HIGH POC This Week

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF S14 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-9105 HIGH POC This Week

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Tebe Small Firmware Webapp
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-10049 HIGH POC This Week

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pydio
NVD
CVSS 3.0
7.3
EPSS
1.2%
CVE-2019-10048 HIGH POC This Week

The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pydio
NVD
CVSS 3.0
7.2
EPSS
3.3%
CVE-2019-12493 HIGH POC This Week

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
7.1
EPSS
1.3%
CVE-2019-10329 HIGH PATCH This Week

Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Influxdb
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10327 HIGH PATCH This Week

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins Pipeline Maven Integration
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2019-12499 HIGH PATCH This Week

Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Firejail
NVD GitHub
CVSS 3.0
8.1
EPSS
2.0%
CVE-2019-5678 HIGH PATCH This Week

NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Denial Of Service Information Disclosure RCE Geforce Experience
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-10038 HIGH POC This Week

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Evernote
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-10981 HIGH PATCH This Week

In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Citectscada Scada Expert Vijeo Citect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-10330 HIGH PATCH This Week

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Gitea
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-12496 HIGH PATCH This Week

An issue was discovered in Hybrid Group Gobot before 1.13.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gobot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy