Skip to main content
CVE-2019-2729 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Communications Diameter Signaling Router Communications Network Integrity Hyperion Infrastructure Technology +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.8%
CVE-2019-12899 CRITICAL POC Act Now

Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Devicenet Builder
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12898 CRITICAL POC Act Now

Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Devicenet Builder
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12890 CRITICAL POC Act Now

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Redwoodhq
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-11232 CRITICAL POC Act Now

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biyan
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-6971 CRITICAL POC THREAT Act Now

An issue was discovered on TP-Link TL-WR1043ND V2 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wr1043Nd Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
13.7%
CVE-2019-3954 CRITICAL POC Act Now

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-11040 CRITICAL POC Act Now

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Software Collections Leap +1
NVD
CVSS 3.1
9.1
EPSS
4.1%
CVE-2019-11039 CRITICAL POC Act Now

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Software Collections Leap +1
NVD
CVSS 3.1
9.1
EPSS
3.1%
CVE-2019-6114 HIGH POC This Week

An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Paintshop Pro 2019
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-12897 HIGH POC This Week

Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer after a call from ObjectModule!Paint::Clear+0x0000000000000074. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Edraw Max
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12896 HIGH POC This Week

Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Edraw Max
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12895 HIGH POC This Week

In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Alternate Pic View
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12894 HIGH POC This Week

Alternate Pic View 2.600 has a Read Access Violation at the Instruction Pointer after a call from PicViewer!PerfgrapFinalize+0x00000000000a9a1b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Alternate Pic View
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-12893 HIGH POC This Week

Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Alternate Pic View
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-11233 HIGH POC This Week

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biyan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-6972 HIGH POC This Week

An issue was discovered on TP-Link TL-WR1043ND V2 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wr1043Nd Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-10257 HIGH POC This Week

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Hr Portal
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-9763 MEDIUM POC This Month

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-12900 CRITICAL PATCH Act Now

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Bzip2 Debian Linux Leap +3
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2019-2007 CRITICAL Act Now

In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2006 CRITICAL Act Now

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Race Condition Google +1
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2019-11038 MEDIUM POC This Month

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Libgd Ubuntu Linux Debian Linux +9
NVD GitHub
CVSS 3.1
5.3
EPSS
4.3%
CVE-2019-3787 HIGH This Week

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Uaa Release
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-2018 HIGH This Week

In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Android
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-2003 HIGH This Week

In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Google Android
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-2016 HIGH This Week

In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-2015 HIGH This Week

In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-2014 HIGH This Week

In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-2013 HIGH This Week

In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-2012 HIGH This Week

In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-2009 HIGH This Week

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-2005 HIGH This Week

In onPermissionGrantResult of GrantPermissionsActivity.java, there is a possible incorrectly granted permission due to a missing permission check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Google Android
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-1990 HIGH This Week

In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-1989 HIGH This Week

In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-4364 HIGH This Week

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
8.0
EPSS
2.6%
CVE-2019-2025 HIGH POC This Week

In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Use After Free Privilege Escalation Memory Corruption Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-2024 HIGH This Week

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2023 HIGH POC This Week

In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-2017 HIGH This Week

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2011 HIGH This Week

In readNullableNativeHandleNoDup of Parcel.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2010 HIGH This Week

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-1985 HIGH This Week

In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-3896 HIGH This Week

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Linux Memory Corruption Use After Free +5
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-11271 HIGH This Week

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bosh
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-3737 HIGH This Week

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Dell Avamar Data Migration Enabler Web Interface
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-2008 HIGH This Week

In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2019-11479 HIGH PATCH This Week

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +18
NVD GitHub
CVSS 3.1
7.5
EPSS
91.7%
CVE-2019-11478 HIGH PATCH This Week

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +21
NVD GitHub
CVSS 3.0
7.5
EPSS
94.7%
CVE-2019-11477 HIGH PATCH This Week

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Linux Linux Kernel Big Ip Advanced Firewall Manager +22
NVD GitHub
CVSS 3.1
7.5
EPSS
98.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy