Skip to main content
CVE-2019-13962 CRITICAL POC Act Now

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player Backports Sle Leap +2
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13956 CRITICAL POC Act Now

Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Discuz Ml
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-13952 CRITICAL POC Act Now

The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gdnsd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-13951 CRITICAL POC Act Now

The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gdnsd
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-1010268 CRITICAL POC PATCH Act Now

Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Information Disclosure Ladon
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.7%
CVE-2019-1010259 CRITICAL POC PATCH Act Now

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Salt 2018 Salt 2019
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-13961 HIGH POC This Week

A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flatcore
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-1010112 HIGH POC This Week

OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Oecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-13949 HIGH POC This Week

SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Syguestbook A5
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010096 HIGH POC This Week

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Domainmod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010095 HIGH POC This Week

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Domainmod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010094 HIGH POC This Week

domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Domainmod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010054 HIGH POC This Week

Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2019-1010279 HIGH POC PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-13915 HIGH POC PATCH This Week

b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Wide
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-1010066 HIGH POC PATCH This Week

Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Model Specific Registers Safe
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-13959 MEDIUM POC This Month

In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-13607 MEDIUM POC This Month

The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Mini
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13643 MEDIUM POC This Month

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-7850 CRITICAL Act Now

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Campaign
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2019-1010248 CRITICAL Act Now

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi I Doit
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-3570 CRITICAL PATCH Act Now

Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Buffer Overflow Heap Overflow Information Disclosure Hiphop Virtual Machine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-1010104 CRITICAL Act Now

TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Quick Chat
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13575 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress PHP Everest Forms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-13960 MEDIUM POC This Month

In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg Turbo
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-1010069 MEDIUM POC This Month

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Abcm2Ps Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-13950 MEDIUM POC This Month

index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Syguestbook A5
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-13948 MEDIUM POC This Month

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Syguestbook A5
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-13647 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13646 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13645 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-13644 MEDIUM POC PATCH This Month

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-1010252 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-1010250 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-1010249 MEDIUM POC This Month

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Integer Overflow Buffer Overflow Open Network Operating System
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-9231 HIGH This Week

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mediant 500L Msbr Firmware Mediant 500 Mbsr Firmware Mediant M800B Msbr Firmware Mediant 800C Msbr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-11230 MEDIUM POC This Month

In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD
CVSS 3.0
4.4
EPSS
0.5%
CVE-2019-7956 HIGH This Week

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Dreamweaver
NVD
CVSS 3.0
7.8
EPSS
3.3%
CVE-2019-3741 HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-7941 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7848 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7847 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2019-7846 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7843 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-1010246 HIGH PATCH This Week

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure PHP Mailcleaner
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-1010251 HIGH PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-13509 HIGH PATCH This Week

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2019-3592 MEDIUM This Month

Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 HF3, allows local administrator users to potentially disable some McAfee processes by manipulating the MA directory control and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Agent
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2019-7963 MEDIUM PATCH This Month

Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Adobe Bridge Cc
NVD
CVSS 3.0
6.5
EPSS
2.9%
CVE-2019-7953 MEDIUM This Month

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe CSRF Experience Manager
NVD
CVSS 3.0
6.5
EPSS
2.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy