Skip to main content
CVE-2019-12928 CRITICAL POC THREAT Emergency

The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Information Disclosure Command Injection Qemu
NVD
CVSS 3.0
9.8
EPSS
23.0%
CVE-2019-12939 CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12929 CRITICAL POC Act Now

The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Information Disclosure Command Injection Qemu
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-9958 HIGH POC This Week

CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Espressreport Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-7232 HIGH POC PATCH THREAT This Week

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Abb Memory Corruption Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
8.8
EPSS
52.1%
CVE-2019-7230 HIGH POC PATCH This Week

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-7229 HIGH POC PATCH This Week

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. Public exploit code available.

Abb Information Disclosure Board Support Package Un31 Cp620 Firmware Cp620 Web Firmware +5
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2019-12323 HIGH POC This Week

The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hc10
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.8%
CVE-2019-9085 MEDIUM POC This Month

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Hoteldruid
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-12346 MEDIUM POC This Month

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Saml Sp Single Sign On
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-12940 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service Livezilla
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-12951 CRITICAL PATCH Act Now

An issue was discovered in Mongoose before 6.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mongoose
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12292 CRITICAL Act Now

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Appdna
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-7231 MEDIUM POC PATCH This Month

The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
5.7
EPSS
6.8%
CVE-2019-9957 MEDIUM POC This Month

Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Espressreport Es
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-12870 HIGH This Week

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Memory Corruption Automationworx Software Suite
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2019-12869 HIGH This Week

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Information Disclosure Automationworx Software Suite
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2019-12871 HIGH This Week

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Automationworx Software Suite
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2019-12938 MEDIUM POC This Month

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Apache Poste Io
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-11648 HIGH This Week

An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Self Service Password Reset
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-10689 MEDIUM This Month

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Better Together Over Ethernet Connector Unified Communications Software
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-11647 MEDIUM This Month

A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netiq Self Service Password Reset
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-12384 MEDIUM PATCH This Month

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Jackson Databind Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
45.2%
CVE-2019-12880 MEDIUM This Month

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quarking Password Manager
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2019-10271 MEDIUM This Month

An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Ultimate Member
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy