Skip to main content
CVE-2019-10267 HIGH POC THREAT Act Now

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
75.2%
CVE-2019-14277 CRITICAL POC Act Now

Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF RCE Securetransport
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.3%
CVE-2019-10744 CRITICAL POC PATCH Act Now

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Lodash Active Iq Unified Manager Service Level Manager +18
NVD
CVSS 3.1
9.1
EPSS
5.0%
CVE-2019-13386 HIGH POC This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Centos Web Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2019-13382 HIGH POC This Week

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Snagit
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2019-10265 HIGH POC This Week

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cloud Backup Suite
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-10264 HIGH POC This Week

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cloud Backup Suite
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-10263 MEDIUM POC This Month

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloud Backup Suite
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14228 MEDIUM POC This Month

Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Xavier
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2019-13387 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-13990 CRITICAL PATCH Act Now

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Quartz Apache Batik Mapviewer Banking Enterprise Originations +28
NVD GitHub
CVSS 3.1
9.8
EPSS
16.2%
CVE-2019-14282 CRITICAL Act Now

The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Simple Captcha2
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-14281 CRITICAL Act Now

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Datagrid
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-5604 CRITICAL Act Now

In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freebsd
NVD
CVSS 3.1
9.6
EPSS
3.1%
CVE-2019-14275 MEDIUM POC This Month

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Fig2Dev Debian Linux Leap
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-14274 MEDIUM POC This Month

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mcpp Backports Sle Leap
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-1010147 MEDIUM POC This Month

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Remedy Smart Reporting Yellowfin Bi
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-13385 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
2.0%
CVE-2019-9492 HIGH PATCH This Week

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro RCE Officescan
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-13638 HIGH PATCH This Week

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Patch Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
4.5%
CVE-2019-5607 HIGH This Week

In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5606 HIGH This Week

In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-5603 HIGH This Week

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-10266 HIGH POC THREAT This Week

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cloud Backup Suite
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2019-13565 HIGH PATCH This Week

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2019-0202 HIGH PATCH This Week

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Storm
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-14283 MEDIUM PATCH This Month

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.8
EPSS
0.7%
CVE-2019-13955 MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
6.5
EPSS
3.8%
CVE-2019-13954 MEDIUM This Month

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mikrotik Routeros
NVD
CVSS 3.0
6.5
EPSS
4.3%
CVE-2019-5605 MEDIUM This Month

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-14284 MEDIUM PATCH This Month

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.2
EPSS
0.7%
CVE-2019-13588 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Wikindx
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-6002 MEDIUM This Month

Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Central Dogma
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10976 MEDIUM This Month

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Electric Fr Configurator2 Firmware
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-10974 MEDIUM This Month

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Energyplus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10972 MEDIUM This Month

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Electric Fr Configurator2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-14280 MEDIUM POC This Month

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Craft Cms
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
8.0%
CVE-2019-13057 MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
4.9
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy