Skip to main content
CVE-2019-3947 CRITICAL POC Act Now

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure V Server
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-1019 HIGH POC PATCH THREAT This Week

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD Exploit-DB
CVSS 3.1
8.5
EPSS
15.1%
CVE-2019-1069 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Windows 10 1507 Windows 10 1607 Windows 10 1703 Windows 10 1709 +7
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2019-0943 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.4%
CVE-2019-5442 HIGH POC This Week

XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pippo
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3946 HIGH POC This Week

Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow V Server
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-0959 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
3.0%
CVE-2019-7840 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Coldfusion
NVD
CVSS 3.0
9.8
EPSS
17.2%
CVE-2019-7839 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Coldfusion
NVD
CVSS 3.0
9.8
EPSS
44.1%
CVE-2019-7838 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Coldfusion
NVD
CVSS 3.0
9.8
EPSS
17.4%
CVE-2019-0304 CRITICAL Act Now

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Advanced Business Application Programming Platform Kernel Advanced Business Application Programming Platform Krnl32Nuc Advanced Business Application Programming Platform Krnl32Uc +2
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-6580 CRITICAL PATCH Act Now

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Siveillance Video Management Software 2017 R2 Siveillance Video Management Software 2018 R1 Siveillance Video Management Software 2018 R2 Siveillance Video Management Software 2018 R3 +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-3888 CRITICAL PATCH Act Now

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Undertow Virtualization Virtualization Host +3
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-3873 CRITICAL Act Now

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss Enterprise Application Platform Single Sign On
NVD
CVSS 3.0
9.0
EPSS
0.9%
CVE-2019-7845 HIGH This Week

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +4
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2019-6584 HIGH PATCH This Week

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Siemens Information Disclosure Logo 8 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-6581 HIGH PATCH This Week

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Siveillance Video Management Software 2017 R2 Siveillance Video Management Software 2018 R1 Siveillance Video Management Software 2018 R2 Siveillance Video Management Software 2018 R3 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-0888 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2019-0722 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2019-10971 HIGH This Week

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Configurator For Devicenet Safety
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-9676 HIGH PATCH This Week

Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Dahua RCE Ipc Hfw1Xxx Firmware Ipc Hdw1Xxx Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-1065 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-1064 HIGH KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1703 Windows 10 1709 +8
NVD
CVSS 3.1
7.8
EPSS
6.9%
CVE-2019-1045 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1035 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +1
NVD
CVSS 3.1
7.8
EPSS
6.6%
CVE-2019-1034 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +4
NVD
CVSS 3.0
7.8
EPSS
4.9%
CVE-2019-1028 HIGH PATCH This Week

An elevation of privilege exists in Windows Audio Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1027 HIGH PATCH This Week

An elevation of privilege exists in Windows Audio Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1026 HIGH PATCH This Week

An elevation of privilege exists in Windows Audio Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1022 HIGH PATCH This Week

An elevation of privilege exists in Windows Audio Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1021 HIGH PATCH This Week

An elevation of privilege exists in Windows Audio Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1007 HIGH PATCH This Week

An elevation of privilege exists in Windows Audio Service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft RCE Windows 10 Windows Server 2016 +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-0998 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-0985 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 7 +1
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-0983 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-0974 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-0973 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-0908 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.6%
CVE-2019-0907 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-0906 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
5.7%
CVE-2019-0905 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-0904 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-0709 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 7.6).

Microsoft RCE Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.6
EPSS
4.0%
CVE-2019-0620 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 7.6).

Microsoft RCE Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.6
EPSS
1.4%
CVE-2019-0315 HIGH This Week

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-6571 HIGH PATCH This Week

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Siemens Logo 8 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-1080 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-1055 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-1038 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-1005 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
3.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy