Skip to main content
CVE-2019-13961 HIGH POC This Week

A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flatcore
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-1010112 HIGH POC This Week

OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Oecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-13949 HIGH POC This Week

SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Syguestbook A5
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010096 HIGH POC This Week

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Domainmod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010095 HIGH POC This Week

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Domainmod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010094 HIGH POC This Week

domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Domainmod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-1010054 HIGH POC This Week

Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2019-1010279 HIGH POC PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-13915 HIGH POC PATCH This Week

b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Wide
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-1010066 HIGH POC PATCH This Week

Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Model Specific Registers Safe
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-9231 HIGH This Week

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mediant 500L Msbr Firmware Mediant 500 Mbsr Firmware Mediant M800B Msbr Firmware Mediant 800C Msbr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-7956 HIGH This Week

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Dreamweaver
NVD
CVSS 3.0
7.8
EPSS
3.3%
CVE-2019-3741 HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-7941 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7848 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7847 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2019-7846 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-7843 HIGH This Week

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Campaign
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-1010246 HIGH PATCH This Week

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure PHP Mailcleaner
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-1010251 HIGH PATCH This Week

Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Suricata
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-13509 HIGH PATCH This Week

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy