Skip to main content
CVE-2019-13352 CRITICAL POC Act Now

WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cynap
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-12971 CRITICAL POC Act Now

BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bks Ebk Ethernet Buskoppler Pro Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-13308 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2019-13303 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-13302 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-13300 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-13299 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-13298 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-13297 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-13295 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Leap +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-13351 HIGH POC PATCH This Week

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jack2 Alsa
NVD GitHub
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-13314 HIGH POC This Week

virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Virt Bootstrap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-13307 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13306 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13305 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13304 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13358 HIGH POC THREAT This Week

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Opencats
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
23.8%
CVE-2019-13311 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-13310 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-13309 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-13301 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-13296 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13345 MEDIUM POC PATCH THREAT This Month

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Squid Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
74.5%
CVE-2019-13144 CRITICAL Act Now

myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mytinytodo
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-13344 MEDIUM POC THREAT This Month

An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Wp Like Button
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
45.1%
CVE-2019-13341 MEDIUM POC This Month

In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-13340 MEDIUM POC This Month

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-5984 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Css Pro
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5983 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Html5 Maps
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5980 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Related Youtube Videos
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5979 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Personalized Woocommerce Cart Page
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5974 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contest Gallery
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-5973 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Online Lesson Booking
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-5971 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Attendance Manager
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-5968 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Growi
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-5964 HIGH This Week

iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idoors Reader
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-5963 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Salesiq
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-5960 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Open Graph
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-13312 HIGH This Week

block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ffmpeg
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-5981 HIGH This Week

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vaio Update
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-13313 HIGH PATCH This Week

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libosinfo Fedora Enterprise Linux Enterprise Linux Eus +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-10639 HIGH PATCH This Week

The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.5
EPSS
3.3%
CVE-2019-5982 HIGH This Week

Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Vaio Update
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2019-5961 HIGH This Week

The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Tootdon For Mastodon
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2019-10638 MEDIUM PATCH This Month

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.5
EPSS
2.6%
CVE-2019-5972 MEDIUM This Month

Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Online Lesson Booking
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-5970 MEDIUM This Month

Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Attendance Manager
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-5969 MEDIUM This Month

Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Growi
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-5967 MEDIUM This Month

Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joruri Cms 2017
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-5965 MEDIUM This Month

Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joruri Mail
NVD
CVSS 3.0
6.1
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy