Skip to main content
CVE-2019-13086 CRITICAL POC THREAT Act Now

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Csz Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
32.0%
CVE-2019-13082 CRITICAL POC Act Now

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Chamilo Lms
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2019-13067 CRITICAL POC Act Now

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-13085 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13084 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13083 HIGH POC This Week

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xnview
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-13114 MEDIUM POC PATCH This Month

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Exiv2 Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13113 MEDIUM POC PATCH This Month

Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Exiv2 Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13112 MEDIUM POC This Month

A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-13110 MEDIUM POC PATCH This Month

A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Exiv2 Fedora +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-13109 MEDIUM POC PATCH This Month

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Exiv2 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-13108 MEDIUM POC This Month

An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Exiv2 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-13107 CRITICAL PATCH Act Now

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Matio Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-11829 CRITICAL Act Now

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Synology Command Injection Calendar
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-11821 CRITICAL Act Now

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Synology PHP Photo Station
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-13111 MEDIUM POC PATCH This Month

A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-13072 MEDIUM POC This Month

Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-13075 MEDIUM POC This Month

Tor Browser through 8.5.3 has an information exposure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Tor Browser
NVD
CVSS 3.0
5.3
EPSS
1.9%
CVE-2019-11826 HIGH This Week

Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Moments
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-11822 MEDIUM This Month

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Photo Station
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-11828 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Microsoft Office
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-11827 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Note Station
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-11825 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Calendar
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-13068 MEDIUM POC PATCH THREAT This Month

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Grafana
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
51.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy