Skip to main content
CVE-2019-12153 CRITICAL Act Now

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Pdfreactor
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2019-12149 CRITICAL PATCH Act Now

SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Registry Restfulserver
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12144 CRITICAL Act Now

An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Ws Ftp Server
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-3412 CRITICAL Act Now

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection Mf920 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-12765 CRITICAL POC THREAT Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Joomla
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2019-12154 CRITICAL Act Now

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Pdfreactor
NVD
CVSS 3.0
9.1
EPSS
2.3%
CVE-2019-12146 CRITICAL Act Now

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.0
9.1
EPSS
4.0%
CVE-2019-3410 HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte CSRF Wf820 Lte Outdoor Cpe Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-3409 HIGH This Week

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Wf820 Lte Outdoor Cpe Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-10339 HIGH PATCH This Week

A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Jx Resources
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10338 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed attackers to have Jenkins connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF Jx Resources
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-12795 HIGH PATCH This Week

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Gvfs
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11334 LOW POC Monitor

An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Klic Lock Klic Smart Padlock Model 5686 Firmware
NVD GitHub
CVSS 3.1
3.7
EPSS
1.6%
CVE-2019-12145 HIGH This Week

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.0
7.5
EPSS
4.7%
CVE-2019-3411 HIGH This Week

All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Mf920 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-10337 HIGH PATCH This Week

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Jenkins Token Macro
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-12749 HIGH This Week

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Canonical Dbus Ubuntu Linux
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-12794 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.108. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Misp
NVD GitHub VulDB
CVSS 3.0
6.6
EPSS
0.9%
CVE-2019-12764 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-10334 MEDIUM PATCH This Month

Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Electricflow
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-12766 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-10336 MEDIUM PATCH This Month

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Electricflow
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-3413 MEDIUM This Month

All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Netnumen Dap Firmware
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-10335 MEDIUM PATCH This Month

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Electricflow
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-0196 MEDIUM PATCH This Month

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Apache Memory Corruption Http Server +2
NVD
CVSS 3.0
5.3
EPSS
19.3%
CVE-2019-12143 MEDIUM This Month

A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2019-0220 MEDIUM PATCH This Month

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Http Server Leap Debian Linux +2
NVD
CVSS 3.0
5.3
EPSS
17.9%
CVE-2019-10333 MEDIUM PATCH This Month

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Electricflow
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-10332 MEDIUM PATCH This Month

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Electricflow
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-10331 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Electricflow
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-0197 MEDIUM PATCH This Month

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Denial Of Service Apache Http Server Ubuntu Linux +8
NVD
CVSS 3.1
4.2
EPSS
8.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy