Skip to main content
CVE-2019-9087 CRITICAL POC Act Now

HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hoteldruid
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9086 CRITICAL POC Act Now

HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hoteldruid
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12776 CRITICAL POC Act Now

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware E Streamer Mk2 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12771 CRITICAL POC Act Now

Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Thinstation
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-12506 HIGH POC This Week

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass R700 Laser Presentation Remote Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-12775 HIGH POC This Week

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware E Streamer Mk2 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-12777 HIGH POC This Week

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware E Streamer Mk2 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-3955 HIGH POC THREAT This Week

Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Remote Mini Control
NVD
CVSS 3.0
7.5
EPSS
19.1%
CVE-2019-3957 HIGH POC THREAT This Week

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Dameware Mini Remote Control
NVD
CVSS 3.1
7.4
EPSS
25.6%
CVE-2019-3956 HIGH POC This Week

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Remote Mini Control
NVD
CVSS 3.0
7.4
EPSS
1.6%
CVE-2019-12779 HIGH POC This Week

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libqb
NVD GitHub
CVSS 3.0
7.1
EPSS
0.7%
CVE-2019-12774 MEDIUM POC This Month

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Datagate Mk2 Firmware Storm 24 Firmware Pixelator Firmware E Streamer Mk2 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-2097 CRITICAL Act Now

In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-12601 CRITICAL Act Now

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-12600 CRITICAL Act Now

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-12599 CRITICAL Act Now

SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-12598 CRITICAL Act Now

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-10160 CRITICAL PATCH Act Now

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server +10
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2019-12477 MEDIUM POC THREAT This Month

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Stv Lc40Lt0020F Firmware
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
13.3%
CVE-2019-9084 MEDIUM POC This Month

In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Hoteldruid
NVD
CVSS 3.0
4.9
EPSS
1.7%
CVE-2019-12505 HIGH This Week

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp1001 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-12504 HIGH This Week

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Wp2002 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-2102 HIGH This Week

In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2019-2093 HIGH This Week

In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-4069 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-4066 HIGH PATCH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenciated user to create arbitrary users which could cause ID management issues and result in code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-2099 HIGH PATCH This Week

In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-2098 HIGH This Week

In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2096 HIGH This Week

In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2094 HIGH This Week

In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-2092 HIGH This Week

In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2091 HIGH This Week

In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2090 HIGH This Week

In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2019-6532 HIGH PATCH This Week

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2019-6530 HIGH This Week

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
6.9%
CVE-2019-4068 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-4067 HIGH This Week

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12763 HIGH This Week

The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Security Camera Cz
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-2095 HIGH This Week

In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Denial Of Service RCE Google Android
NVD
CVSS 3.0
7.0
EPSS
0.7%
CVE-2019-8283 MEDIUM This Month

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sentinel Ldk
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-3477 MEDIUM This Month

Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Solutions Business Manager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-2101 MEDIUM This Month

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4070 MEDIUM This Month

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-8282 MEDIUM This Month

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sentinel Ldk
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy