Skip to main content
CVE-2019-14431 CRITICAL POC Act Now

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Matrixssl
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13571 CRITICAL POC Act Now

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Advanced Cf7 Db
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-11200 HIGH POC PATCH This Week

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dolibarr Erp Crm
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-11201 HIGH POC PATCH This Week

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Dolibarr Erp Crm
NVD
CVSS 3.0
8.0
EPSS
2.2%
CVE-2019-14267 HIGH POC This Week

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Pdfresurrect Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
7.1%
CVE-2019-3948 HIGH POC THREAT This Week

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dahua Ip2M 841B Firmware Dh Ipc Hx863X Dh Ipc Hx883X +9
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
26.7%
CVE-2019-13498 HIGH POC This Week

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Access Manager
NVD GitHub
CVSS 3.1
7.4
EPSS
1.2%
CVE-2019-6726 MEDIUM POC This Month

The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Wp Fastest Cache
NVD
CVSS 3.0
6.5
EPSS
4.3%
CVE-2019-1020006 MEDIUM POC PATCH This Month

invenio-app before 1.1.1 allows host header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Invenio App
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1020019 MEDIUM POC PATCH This Month

invenio-previewer before 1.0.0a12 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Invenio Previewer
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1020010 MEDIUM POC This Month

Misskey before 10.102.4 allows hijacking a user's token. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Misskey
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-14271 CRITICAL PATCH Act Now

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Docker Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
18.8%
CVE-2019-14379 CRITICAL PATCH Act Now

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Java Prototype Pollution RCE Jackson Databind Debian Linux +22
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2019-11199 MEDIUM POC This Month

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-13103 HIGH PATCH CISA Act Now

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service U Boot
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2019-14418 HIGH This Week

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Resiliency Platform
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2019-14378 HIGH POC PATCH THREAT This Week

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Libslirp
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.7%
CVE-2019-12948 HIGH This Week

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Unified Communications Software United Communications Software
NVD
CVSS 3.0
8.3
EPSS
1.7%
CVE-2019-11868 HIGH This Week

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption See Sys
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-13126 HIGH PATCH This Week

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Nats Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-1020009 HIGH This Week

Fleet before 2.1.2 allows exposure of SMTP credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fleet
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-1020004 HIGH This Week

Tridactyl before 1.16.0 allows fake key events. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tridactyl
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-1020002 HIGH PATCH This Week

Pterodactyl before 0.7.14 with 2FA allows credential sniffing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Panel
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1020015 HIGH PATCH This Week

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Graphql Engine
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-1020012 HIGH PATCH This Week

parse-server before 3.4.1 allows DoS after any POST to a volatile class. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Parse Server
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-1020001 HIGH PATCH This Week

yard before 0.9.20 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Yard
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-1020018 HIGH PATCH This Week

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
7.3
EPSS
1.0%
CVE-2019-14417 HIGH This Week

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Resiliency Platform
NVD
CVSS 3.0
7.2
EPSS
4.0%
CVE-2019-14416 HIGH This Week

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Resiliency Platform
NVD
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-1020011 HIGH This Week

SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Smokedetector
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-13655 MEDIUM This Month

Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imgix
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-1020008 MEDIUM This Month

stacktable.js before 1.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stacktable Js
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1020016 MEDIUM This Month

ASH-AIO before 2.0.0.3 allows an open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ash Aio
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1020014 MEDIUM PATCH This Month

docker-credential-helpers before 0.6.3 has a double free in the List functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Docker Information Disclosure Credential Helpers Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-1020007 MEDIUM This Month

Dependency-Track before 3.5.1 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dependency Track
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-1020005 MEDIUM PATCH This Month

invenio-communities before 1.0.0a20 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Invenio Communities
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1020003 MEDIUM PATCH This Month

invenio-records before 1.2.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Invenio Records
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1105 MEDIUM PATCH This Month

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Google Outlook
NVD
CVSS 3.0
5.4
EPSS
1.8%
CVE-2019-12743 MEDIUM This Month

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Social Network Kit
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-1020017 MEDIUM PATCH This Month

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-1020013 MEDIUM PATCH This Month

parse-server before 3.6.0 allows account enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Parse Server
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2019-14415 MEDIUM This Month

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Resiliency Platform
NVD
CVSS 3.1
4.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy