Skip to main content
CVE-2019-13272 HIGH POC KEV PATCH THREAT Act Now

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +19
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
52.2%
CVE-2019-13640 CRITICAL POC Act Now

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Qbittorrent
NVD GitHub
CVSS 3.0
9.8
EPSS
7.9%
CVE-2019-1010263 CRITICAL POC PATCH Act Now

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-13577 CRITICAL POC THREAT Act Now

SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Maple Computer Wbt Snmp Administrator
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.4%
CVE-2019-13585 CRITICAL POC THREAT Act Now

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Robotics Virtual Robot Controller
NVD
CVSS 3.1
9.8
EPSS
14.7%
CVE-2019-13614 CRITICAL POC Act Now

CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link RCE Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13613 CRITICAL POC Act Now

CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link RCE Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13625 CRITICAL POC Act Now

NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Ghidra
NVD GitHub
CVSS 3.0
9.1
EPSS
2.4%
CVE-2019-3969 HIGH POC This Week

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-13623 HIGH POC This Week

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal RCE Ghidra
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
5.0%
CVE-2019-1010283 HIGH POC PATCH This Week

Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Univention Corporate Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-13619 HIGH POC This Week

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wireshark Fedora Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2019-13403 HIGH POC This Week

Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cwx
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-12876 HIGH POC This Week

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus Manageengine Adselfservice Plus Manageengine Desktop Central
NVD
CVSS 3.0
7.3
EPSS
4.6%
CVE-2019-1010266 MEDIUM POC PATCH This Month

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lodash
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2019-13626 MEDIUM POC This Month

SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsdl Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-10352 MEDIUM POC PATCH THREAT This Month

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jenkins
NVD
CVSS 3.0
6.5
EPSS
10.2%
CVE-2019-1943 MEDIUM POC THREAT This Month

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +54
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
10.5%
CVE-2019-1010287 MEDIUM POC PATCH This Month

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Timesheet Next Gen
NVD
CVSS 3.0
6.1
EPSS
4.3%
CVE-2019-13346 MEDIUM POC This Month

In MyT 1.5.1, the User[username] parameter has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Myt
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2019-1010091 MEDIUM POC PATCH This Month

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2019-1917 CRITICAL Act Now

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Vision Dynamic Signage Director
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2019-11772 CRITICAL Act Now

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Buffer Overflow Memory Corruption Openj9
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-1010275 CRITICAL PATCH Act Now

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Helm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-13447 CRITICAL Act Now

An issue was discovered in Sertek Xpare 3.67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Xpare
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11535 CRITICAL Act Now

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Command Injection Re6400 Firmware Re6300 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-13573 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-9848 CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Libreoffice Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2019-13624 CRITICAL PATCH Act Now

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Onos
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-3973 MEDIUM POC This Month

Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3972 MEDIUM POC This Month

Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "<GUID>_CisSharedMemBuff". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3971 MEDIUM POC This Month

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-3970 MEDIUM POC This Month

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13493 MEDIUM POC This Month

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Experience Platform
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-13584 MEDIUM POC This Month

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Robotics Virtual Robot Controller
NVD
CVSS 3.0
5.3
EPSS
3.4%
CVE-2019-13637 HIGH This Week

In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Join Me
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-1919 HIGH This Week

A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Findit Network Manager Findit Network Probe
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-11771 HIGH This Week

AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openj9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-8932 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-8931 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-12914 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12911 HIGH This Week

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Shift
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-12175 HIGH This Week

In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zeek
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-10353 HIGH PATCH This Week

CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins CSRF
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-4430 HIGH PATCH This Week

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Maximo Asset Management
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-1010083 HIGH PATCH This Week

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Flask
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-1920 HIGH This Week

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Aironet 3700E Firmware Aironet 3700I Firmware +2
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2019-13631 MEDIUM PATCH This Month

In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.0
6.8
EPSS
0.8%
CVE-2019-1923 MEDIUM This Month

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Spa501G Firmware Spa502G Firmware Spa504G Firmware +7
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2019-1942 MEDIUM This Month

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Identity Services Engine
NVD
CVSS 3.0
6.5
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy