Skip to main content
CVE-2019-12815 CRITICAL POC PATCH THREAT Act Now

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure RCE Proftpd Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
57.6%
CVE-2019-12725 CRITICAL POC THREAT Act Now

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zeroshell
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.8%
CVE-2019-1010238 CRITICAL POC PATCH Act Now

Gnome Pango 1.42 and later is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Pango Sd Wan Edge +11
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-12193 CRITICAL POC Act Now

H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi H3Cloud Os
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-1010245 CRITICAL POC PATCH Act Now

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Open Network Operating System
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-1010151 CRITICAL POC Act Now

zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Zzmcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-13973 CRITICAL POC Act Now

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Layerbb
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13984 HIGH POC This Week

Directus 7 API before 2.3.0 does not validate uploaded files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-13980 HIGH POC This Week

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nginx Apache RCE +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-13979 HIGH POC This Week

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-13978 HIGH POC This Week

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-13969 HIGH POC This Week

Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-1579 HIGH POC KEV THREAT This Week

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Paloalto RCE Pan Os
NVD
CVSS 3.1
8.1
EPSS
39.3%
CVE-2019-7590 HIGH POC PATCH This Week

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Exacqvision Server
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-13989 HIGH POC This Week

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Dpic
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1010239 HIGH POC PATCH This Week

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Cjson Timesten In Memory Database
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-1010142 HIGH POC PATCH This Week

scapy 2.4.0 is affected by: Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Scapy Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-1010136 HIGH POC This Week

ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gpn2 4P21 C Cn Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-11552 HIGH POC This Week

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Code Injection RCE Code42 For Enterprise Crashplan For Small Business
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2019-1010241 MEDIUM POC This Month

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins Information Disclosure Credentials Binding
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1010113 MEDIUM POC This Month

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cleditor
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13972 MEDIUM POC This Month

LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Layerbb
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13971 MEDIUM POC This Month

OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-13970 MEDIUM POC PATCH This Month

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE PHP Antsword
NVD GitHub
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-13569 CRITICAL Act Now

A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Email Subscribers Newsletters
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2019-1010101 CRITICAL Act Now

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13983 CRITICAL PATCH Act Now

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass PHP Directus 7 Api
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-13977 MEDIUM POC This Month

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ovidentia
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.5%
CVE-2019-13981 MEDIUM POC This Month

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus 7 Api
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-11990 HIGH This Week

Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Universal Internet Of Things
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-11553 HIGH This Week

In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Code42
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13974 HIGH PATCH This Week

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF Layerbb
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-1010100 HIGH This Week

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-9228 HIGH This Week

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Median 500L Msbr Firmware Median 500 Msbr Firmware Median M800B Msbr Firmware Median 800C Msbr Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-12946 HIGH This Week

Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Elcom Cms
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-5680 MEDIUM This Month

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Jetson Tx1 Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2019-13991 MEDIUM This Month

Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arduino Firmware
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-12453 MEDIUM This Month

In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microstrategy Web
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1010247 MEDIUM PATCH This Month

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mod Auth Openidc
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-11989 MEDIUM This Month

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service HP Red Hat Microsoft Apache +2
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2019-12820 MEDIUM This Month

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure I3 Firmware
NVD
CVSS 3.0
5.6
EPSS
0.5%
CVE-2019-13648 MEDIUM PATCH This Month

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2019-13982 MEDIUM PATCH This Month

interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Directus 7
NVD GitHub
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-12821 MEDIUM This Month

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE I3 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2019-1167 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control. Rated medium severity (CVSS 4.1).

Authentication Bypass Microsoft Powershell Core
NVD
CVSS 3.0
4.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy