Skip to main content
CVE-2019-10149 CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Exim Ubuntu Linux Debian Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2019-8385 CRITICAL POC THREAT Act Now

An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Path Traversal RCE Concourse Matter Room Firm Central Desktop
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.6%
CVE-2019-12553 CRITICAL POC Act Now

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption 010 Editor
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-7671 CRITICAL POC Act Now

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Flexair
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
8.3%
CVE-2019-7672 HIGH POC This Week

Prima Systems FlexAir, Versions 2.3.38 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Flexair
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-9730 HIGH POC This Week

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Sound Device
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-9673 HIGH POC This Week

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freenet
NVD GitHub
CVSS 3.0
8.8
EPSS
4.0%
CVE-2019-12739 HIGH POC This Week

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Nextcloud Extract
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-12735 HIGH POC PATCH THREAT This Week

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source!. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Vim Neovim
NVD GitHub Exploit-DB
CVSS 3.0
8.6
EPSS
19.1%
CVE-2019-9156 HIGH POC This Week

Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ezio Ds3 Server
NVD
CVSS 3.0
8.0
EPSS
3.2%
CVE-2019-6800 HIGH POC This Week

In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection Spamtitan
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-12276 HIGH POC THREAT This Week

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Grandnode
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
53.7%
CVE-2019-12555 HIGH POC This Week

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure 010 Editor
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12554 HIGH POC This Week

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure 010 Editor
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12243 HIGH POC PATCH This Week

Istio 1.1.x through 1.1.6 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Istio
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-9647 MEDIUM POC This Month

Gila CMS 1.9.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gila Cms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2019-12543 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.1%
CVE-2019-12542 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.0%
CVE-2019-12541 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.0%
CVE-2019-12538 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
6.0%
CVE-2019-9548 CRITICAL Act Now

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
CVSS 3.0
10.0
EPSS
1.5%
CVE-2019-12196 CRITICAL Act Now

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
9.8
EPSS
69.1%
CVE-2019-11988 CRITICAL Act Now

A Remote Unauthorized Access vulnerability was identified in HPE Smart Update Manager (SUM) earlier than version 8.3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Update Manager
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-9642 CRITICAL PATCH Act Now

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Pydio
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-11949 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2019-5391 CRITICAL Act Now

A stack buffer overflow vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-5390 CRITICAL Act Now

A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2019-5387 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2019-5367 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
8.0%
CVE-2019-5358 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2019-5356 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
10.9%
CVE-2019-5352 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2019-5347 CRITICAL Act Now

A remote authentication bypass vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2019-11945 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
78.6%
CVE-2019-11944 CRITICAL Act Now

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Intelligent Management Center
NVD
CVSS 3.0
9.8
EPSS
13.3%
CVE-2019-11768 CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-9158 MEDIUM POC This Month

Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ezio Ds3 Server
NVD
CVSS 3.0
5.7
EPSS
1.0%
CVE-2019-11226 MEDIUM POC This Month

CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-9189 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.4.9api3 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Python RCE Flexair
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
11.6%
CVE-2019-1881 HIGH This Week

A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Industrial Network Director
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-12742 HIGH PATCH This Week

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Bludit
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-11986 HIGH This Week

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2019-11985 HIGH This Week

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2019-11984 HIGH This Week

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11980 HIGH This Week

A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-11979 HIGH This Week

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11978 HIGH This Week

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11977 HIGH This Week

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11976 HIGH This Week

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-11975 HIGH This Week

A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Intelligent Management Center
NVD
CVSS 3.0
8.8
EPSS
1.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy