Skip to main content
CVE-2019-12840 HIGH POC THREAT Act Now

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webmin
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
77.8%
CVE-2019-12835 CRITICAL POC Act Now

formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Leanify
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12839 HIGH POC PATCH This Week

In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Orangehrm
NVD GitHub
CVSS 3.0
8.8
EPSS
4.8%
CVE-2019-12830 HIGH POC This Week

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mybb
NVD
CVSS 3.0
8.7
EPSS
1.0%
CVE-2019-12829 HIGH POC This Week

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Radare2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-12831 HIGH POC This Week

In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mybb
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-12816 HIGH PATCH This Week

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Znc
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy