Skip to main content
CVE-2019-14351 HIGH POC This Week

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Espocrm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-14328 HIGH POC This Week

The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Simple Membership
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.1%
CVE-2019-14373 HIGH POC This Week

An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Flif
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14368 HIGH POC This Week

Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Exiv2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14352 HIGH POC This Week

In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Worfklow
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14323 HIGH POC PATCH This Week

SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Simple Service Discovery Protocol Responder
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-14322 HIGH POC PATCH THREAT This Week

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Werkzeug
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
55.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy