Skip to main content
CVE-2019-10720 HIGH POC This Week

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Blogengine Net
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2019-10719 HIGH POC This Week

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Blogengine Net
NVD
CVSS 3.0
8.8
EPSS
7.6%
CVE-2019-10270 HIGH POC This Week

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress Ultimate Member
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-12836 HIGH POC This Week

The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian CSRF Jeditor
NVD GitHub
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-12572 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Microsoft RCE Private Internet Access
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-11392 HIGH POC This Week

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Blogengine Net
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-10718 HIGH POC This Week

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Blogengine Net
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-11011 CRITICAL Act Now

Akamai CloudTest before 58.30 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Cloudtest
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-1904 HIGH This Week

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple CSRF Ios Xe
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-10028 HIGH This Week

Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dial Reference
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-10072 HIGH PATCH This Week

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Apache
NVD
CVSS 3.0
7.5
EPSS
73.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy