Skip to main content
CVE-2019-13482 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.1%
CVE-2019-13481 HIGH POC This Week

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 818lw Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.2%
CVE-2019-13071 HIGH POC This Week

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Powerpanel
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-0319 HIGH POC This Week

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection SAP Gateway Ui5
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-12466 HIGH PATCH This Week

Wikimedia MediaWiki through 1.32.1 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mediawiki Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-10120 HIGH This Week

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-1873 HIGH This Week

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asa 5506 X Firmware Asa 5506H X Firmware Asa 5506W X Firmware +2
NVD
CVSS 3.1
8.6
EPSS
2.5%
CVE-2019-0322 HIGH This Week

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Commerce Cloud
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-12474 HIGH PATCH This Week

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-12473 HIGH PATCH This Week

Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-12472 HIGH PATCH This Week

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-5446 HIGH This Week

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Edgeswitch Firmware
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2019-0328 HIGH This Week

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection SAP Netweaver Process Integration
NVD
CVSS 3.0
7.2
EPSS
3.4%
CVE-2019-0327 HIGH This Week

SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.0
7.2
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy