Skip to main content
CVE-2019-1010044 CRITICAL POC Act Now

borg-reducer c6d5240 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Graphpass
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-1010038 CRITICAL POC Act Now

OpenModelica OMCompiler is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Omcompiler
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-1010022 CRITICAL POC Act Now

GNU Libc current is affected by: Mitigation bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-1089 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.9%
CVE-2019-1010006 HIGH POC This Week

Evince 3.26.0 is affected by buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Evince Ubuntu Linux +2
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-1010300 HIGH POC This Week

mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-1010017 HIGH POC PATCH This Week

libnmap < v0.6.3 is affected by: XML Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libnmap
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-1010298 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow RCE Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-1010034 MEDIUM POC This Month

Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Weblibrarian
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-1010028 MEDIUM POC This Month

phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP School College Portal With Erp Script
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-1010016 MEDIUM POC This Month

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1010005 MEDIUM POC This Month

HexoEditor v1.1.8-beta is affected by: XSS to code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Hexoeditor
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-1010297 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-1010296 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow RCE Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-13604 MEDIUM POC This Month

There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Hid Digitalpersona 4500 Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-1010295 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2019-1010293 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2019-6824 CRITICAL Act Now

A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Proclima
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-6823 CRITICAL Act Now

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Proclima
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2019-1072 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Team Foundation Server Azure Devops Server
NVD
CVSS 3.0
9.8
EPSS
12.4%
CVE-2019-0785 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows Server 2012 +2
NVD
CVSS 3.0
9.8
EPSS
49.6%
CVE-2019-1010308 CRITICAL PATCH Act Now

Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Aquarius Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-1010306 CRITICAL PATCH Act Now

Slanger 0.6.0 is affected by: Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Slanger
NVD GitHub
CVSS 3.0
9.8
EPSS
4.0%
CVE-2019-1010039 CRITICAL PATCH Act Now

uLaunchELF < commit 170827a is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Ulaunchelf
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-1010009 CRITICAL Act Now

DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dglux Server
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-1010302 MEDIUM POC This Month

jhead 3.03 is affected by: Incorrect Access Control. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Jhead Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-1010301 MEDIUM POC PATCH This Month

jhead 3.03 is affected by: Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Jhead Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-1010305 MEDIUM POC PATCH This Month

libmspack 0.9.1alpha is affected by: Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmspack Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1010004 MEDIUM POC This Month

SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure Sound Exchange
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2019-1010307 MEDIUM POC This Month

GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation PHP Glpi
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-1010023 MEDIUM POC This Month

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc
NVD
CVSS 3.1
5.4
EPSS
3.1%
CVE-2019-1010008 MEDIUM POC This Month

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Emoncms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-5447 MEDIUM POC This Month

A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Http File Server
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-1010299 MEDIUM POC PATCH This Month

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rust
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-1010304 MEDIUM POC This Month

Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Saleor
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-1010025 MEDIUM POC This Month

GNU Libc current is affected by: Mitigation bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Glibc
NVD
CVSS 3.0
5.3
EPSS
2.3%
CVE-2019-1010024 MEDIUM POC This Month

GNU Libc current is affected by: Mitigation bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2019-1109 CRITICAL PATCH Act Now

A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Office 365
NVD
CVSS 3.0
9.1
EPSS
4.2%
CVE-2019-1128 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2019-1127 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
20.6%
CVE-2019-1124 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
18.4%
CVE-2019-1123 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2019-1122 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2019-1121 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2019-1120 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2019-1119 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
19.5%
CVE-2019-1118 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
23.7%
CVE-2019-1117 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
23.7%
CVE-2019-1113 HIGH PATCH This Week

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Net Framework Visual Studio 2017
NVD
CVSS 3.0
8.8
EPSS
10.0%
CVE-2019-1111 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Office Office 365 Proplus
NVD
CVSS 3.0
8.8
EPSS
13.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy