Skip to main content
CVE-2019-11062 CRITICAL POC Act Now

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Wmpro
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2019-13561 CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 655 Firmware
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2019-13560 CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 655 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13507 CRITICAL POC Act Now

hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Az Admin
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-13563 HIGH POC This Week

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 655 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-12363 HIGH POC This Week

An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Mybb 2Fa
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-12579 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Apple Command Injection Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-12578 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-12577 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-12576 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-12575 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-12574 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.8
EPSS
2.1%
CVE-2019-0053 HIGH POC This Week

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Juniper Buffer Overflow Stack Overflow Junos Debian Linux
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-9657 HIGH POC This Week

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Adc V522Ir Firmware
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-9886 HIGH POC This Week

Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Eclass Ip
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-13503 HIGH POC This Week

mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mongoose
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-12573 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.1
EPSS
0.6%
CVE-2019-12571 HIGH POC This Week

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Private Internet Access Vpn Client
NVD GitHub
CVSS 3.0
7.1
EPSS
0.6%
CVE-2019-13504 MEDIUM POC This Month

There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Exiv2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2019-13564 MEDIUM POC This Month

XSS exists in Ping Identity Agentless Integration Kit before 1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Agentless Integration Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-13562 MEDIUM POC This Month

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 655 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2019-12597 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12596 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12595 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12540 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
CVSS 3.0
6.1
EPSS
2.3%
CVE-2019-12539 MEDIUM POC This Month

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-12537 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-13505 MEDIUM POC This Month

The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-1010003 MEDIUM POC This Month

Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Leanote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-7003 CRITICAL Act Now

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Control Manager
NVD
CVSS 3.1
10.0
EPSS
1.5%
CVE-2019-12751 CRITICAL Act Now

Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Message Gateway
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-10970 CRITICAL Act Now

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Panelview 5510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-12525 CRITICAL PATCH Act Now

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Squid Debian Linux Leap +2
NVD GitHub
CVSS 3.1
9.8
EPSS
24.4%
CVE-2019-10651 CRITICAL PATCH Act Now

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti RCE Endpoint Manager
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-12838 CRITICAL Act Now

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Slurm Debian Linux Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-1010319 MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010317 MEDIUM POC PATCH This Month

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010315 MEDIUM POC PATCH This Month

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wavpack Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-10349 MEDIUM POC PATCH This Month

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenkins Dependency Graph Viewer
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.9%
CVE-2019-13029 MEDIUM POC This Month

Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.5%
CVE-2019-12527 HIGH PATCH This Week

An issue was discovered in Squid 4.0.23 through 4.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Squid Fedora Debian Linux +5
NVD GitHub
CVSS 3.1
8.8
EPSS
49.0%
CVE-2019-10351 HIGH This Week

Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Caliper Ci
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-10350 HIGH This Week

Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Port Allocator
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-10348 HIGH PATCH This Week

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gogs
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-10347 HIGH PATCH This Week

Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Mashup Portlets
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10340 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Jenkins CSRF
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10915 HIGH PATCH This Week

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Tia Administrator Sinetplan
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-11133 HIGH PATCH This Week

Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Intel Information Disclosure Processor Diagnostic Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-1010316 HIGH This Week

pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pyxtrlock
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-10931 HIGH This Week

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siprotec 5 Digsi Device Driver Digsi 5 Engineering Software
NVD
CVSS 3.1
7.5
EPSS
1.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy