Skip to main content
CVE-2019-13279 CRITICAL POC Act Now

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-13278 CRITICAL POC Act Now

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
8.8%
CVE-2019-13276 CRITICAL POC Act Now

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-10653 CRITICAL POC Act Now

An issue was discovered in Hsycms V1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hsycms
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-13482 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.1%
CVE-2019-13481 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.2%
CVE-2019-13071 HIGH POC This Week

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Powerpanel
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-0319 HIGH POC This Week

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection SAP Gateway Ui5
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-13488 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trape
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-13240 MEDIUM POC PATCH This Month

An issue was discovered in GLPI before 9.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.0
5.9
EPSS
1.7%
CVE-2019-13489 CRITICAL Act Now

Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Trape
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12803 CRITICAL Act Now

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload I Onenet
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-13132 CRITICAL Act Now

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libzmq Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
42.5%
CVE-2019-12468 CRITICAL PATCH Act Now

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13224 CRITICAL PATCH Act Now

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

PHP Denial Of Service Information Disclosure RCE Memory Corruption +5
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-12723 CRITICAL Act Now

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Fields
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-10122 CRITICAL Act Now

eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-10121 CRITICAL Act Now

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-10119 CRITICAL Act Now

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-5444 MEDIUM POC PATCH This Month

Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Serve Here Js
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-13396 MEDIUM POC THREAT This Month

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Flightpath
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
62.6%
CVE-2019-0330 CRITICAL Act Now

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE SAP Diagnostics Agent
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2019-12466 HIGH PATCH This Week

Wikimedia MediaWiki through 1.32.1 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mediawiki Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-10120 HIGH This Week

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-1873 HIGH This Week

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asa 5506 X Firmware Asa 5506H X Firmware Asa 5506W X Firmware +2
NVD
CVSS 3.1
8.6
EPSS
2.5%
CVE-2019-0322 HIGH This Week

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Commerce Cloud
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-12474 HIGH PATCH This Week

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-12473 HIGH PATCH This Week

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-12472 HIGH PATCH This Week

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-5446 HIGH This Week

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Edgeswitch Firmware
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2019-0328 HIGH This Week

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection SAP Netweaver Process Integration
NVD
CVSS 3.0
7.2
EPSS
3.4%
CVE-2019-0327 HIGH This Week

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.0
7.2
EPSS
2.1%
CVE-2019-5221 MEDIUM This Month

There is a path traversal vulnerability on Huawei Share. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Path Traversal Mate 20 X Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-12470 MEDIUM PATCH This Month

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-12469 MEDIUM PATCH This Month

MediaWiki through 1.32.1 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-13225 MEDIUM PATCH This Month

A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference PHP Denial Of Service Oniguruma Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-0329 MEDIUM This Month

SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Information Steward
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0326 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0321 MEDIUM This Month

ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap Netweaver As Abap
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-0281 MEDIUM This Month

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openui5
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-13122 MEDIUM This Month

A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Patchwork
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-12471 MEDIUM PATCH This Month

Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-12724 MEDIUM PATCH This Month

An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS News
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-11650 MEDIUM This Month

A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Netiq Advanced Authentication
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2019-12804 MEDIUM This Month

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure I Onenet
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-0318 MEDIUM This Month

Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-10966 MEDIUM This Month

In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aestiva 7100 Firmware Aestiva 7900 Firmware Aespire 7100 Firmware Aespire 7900 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2019-12467 MEDIUM PATCH This Month

MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-5445 MEDIUM This Month

DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Edgeswitch Firmware
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2019-5220 MEDIUM This Month

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mate 20 X Firmware Mate 20 Firmware Honor Magic 2 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy