Skip to main content
CVE-2019-12780 CRITICAL POC THREAT Emergency

The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Crock Pot Smart Slow Cooker With Wemo Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
72.0%
CVE-2019-9879 CRITICAL POC THREAT Act Now

The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpgraphql
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
46.6%
CVE-2019-9880 CRITICAL POC THREAT Act Now

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpgraphql
NVD GitHub Exploit-DB
CVSS 3.0
9.1
EPSS
34.8%
CVE-2019-12787 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-12786 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-12790 HIGH POC This Week

In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2019-12788 HIGH POC This Week

An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Proshow Producer
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
4.5%
CVE-2019-6241 HIGH POC This Week

In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mqttroute
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-11517 MEDIUM POC This Month

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Wampserver
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2019-12387 MEDIUM POC PATCH This Month

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Twisted Fedora Ubuntu Linux Zfs Storage Appliance Kit +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-11027 CRITICAL PATCH Act Now

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruby Openid
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-10226 MEDIUM POC This Month

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fat Free Crm
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
4.7%
CVE-2019-9881 MEDIUM POC THREAT This Month

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpgraphql
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
18.8%
CVE-2019-11881 MEDIUM POC This Month

A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rancher
NVD GitHub
CVSS 3.0
4.7
EPSS
2.3%
CVE-2019-11877 MEDIUM This Month

XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lv Wr09 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-5243 MEDIUM This Month

There is a Clickjacking vulnerability in Huawei HG255s product. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Huawei Hg255S Firmware
NVD
CVSS 3.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy