Skip to main content
CVE-2019-11580 CRITICAL POC KEV THREAT Emergency

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian RCE Crowd
NVD
CVSS 3.1
9.8
EPSS
95.4%
CVE-2019-12169 HIGH POC THREAT Act Now

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Path Traversal RCE Atutor
NVD GitHub
CVSS 3.1
8.8
EPSS
73.3%
CVE-2019-11367 CRITICAL POC Act Now

An issue was discovered in AUO Solar Data Recorder before 1.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Solar Data Recorder
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-11185 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Live Chat
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-10883 CRITICAL POC THREAT Act Now

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Citrix Sd Wan Center Netscaler Sd Wan Center
NVD
CVSS 3.0
9.8
EPSS
65.5%
CVE-2019-12377 CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE Landesk Management Suite
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-12310 CRITICAL POC Act Now

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Backup Appliance Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-12564 CRITICAL POC Act Now

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Douphp
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-11369 HIGH POC This Week

An issue was discovered in Carel pCOWeb prior to B1.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pcoweb Card Firmware
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
7.1%
CVE-2019-3846 HIGH POC PATCH This Week

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Linux Kernel Enterprise Linux Ubuntu Linux +9
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2019-9883 HIGH POC This Week

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Msr35 Isherlock Base Msr35 Isherlock Sysinfo Msr35 Isherlock User Msr35 Isherlock Useradmin +4
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-9882 HIGH POC This Week

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Msr35 Isherlock Base Msr35 Isherlock Sysinfo Msr35 Isherlock User +5
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-12589 HIGH POC PATCH This Week

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Firejail
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-12374 HIGH POC This Week

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ivanti Landesk Management Suite
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2017-14728 CRITICAL Act Now

An authentication bypass was found in an unknown area of the SiteOmat source code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Authentication Bypass Siteomat
NVD VulDB
CVSS 3.1
9.8
EPSS
10.2%
CVE-2019-12177 HIGH POC This Week

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Viveport
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2019-10147 HIGH POC This Week

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rkt
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2019-10145 HIGH POC This Week

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rkt
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2019-10144 HIGH POC This Week

rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rkt
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2019-12593 HIGH POC THREAT This Week

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mail Server
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
41.0%
CVE-2017-14854 CRITICAL Act Now

A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

Buffer Overflow RCE Siteomat
NVD VulDB
CVSS 3.1
9.1
EPSS
11.4%
CVE-2017-14851 CRITICAL Act Now

A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Siteomat
NVD VulDB
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-10009 MEDIUM POC THREAT This Month

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
11.5%
CVE-2019-9839 MEDIUM POC This Month

VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vfront
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-9838 MEDIUM POC This Month

VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vfront
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-11356 CRITICAL Act Now

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Imap Fedora +6
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-6742 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Galaxy S9 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-12585 CRITICAL PATCH Act Now

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PHP Command Injection Apcupsd Pfsense
NVD GitHub
CVSS 3.0
9.8
EPSS
5.0%
CVE-2019-11368 MEDIUM POC This Month

Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solar Data Recorder
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-11370 MEDIUM POC This Month

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pcoweb Card Firmware
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
4.0%
CVE-2019-12566 MEDIUM POC PATCH This Month

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Wp Statistics
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-6741 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Open Redirect Samsung Galaxy S9 Firmware
NVD
CVSS 3.1
9.3
EPSS
3.2%
CVE-2019-3397 CRITICAL Act Now

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Path Traversal RCE Bitbucket
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2019-12373 CRITICAL Act Now

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
9.0
EPSS
1.0%
CVE-2017-14853 HIGH This Week

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Siteomat
NVD VulDB
CVSS 3.1
8.6
EPSS
1.5%
CVE-2019-12548 HIGH PATCH This Week

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload RCE Bludit
NVD GitHub
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-11509 HIGH This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti RCE Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
8.8
EPSS
7.8%
CVE-2019-6743 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Mi6 Browser
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-6740 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Samsung Galaxy S9 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-6739 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Antimalware
NVD
CVSS 3.1
8.8
EPSS
9.9%
CVE-2019-6738 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Safepay
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-6737 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Safepay
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2019-6736 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Safepay
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-11646 HIGH This Week

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2017-14852 HIGH This Week

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siteomat
NVD VulDB
CVSS 3.1
8.6
EPSS
0.6%
CVE-2019-12376 MEDIUM POC This Month

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ivanti Landesk Management Suite
NVD
CVSS 3.0
4.5
EPSS
0.6%
CVE-2019-3567 HIGH This Week

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Osquery
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-3895 HIGH PATCH This Week

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Octavia Openstack
NVD
CVSS 3.1
8.0
EPSS
1.4%
CVE-2019-12097 HIGH This Week

Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Fiddler
NVD VulDB
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-12176 HIGH This Week

Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Viveport
NVD
CVSS 3.0
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy