Skip to main content
CVE-2019-14491 HIGH POC PATCH This Week

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Opencv
NVD GitHub
CVSS 3.0
8.2
EPSS
2.6%
CVE-2019-14260 HIGH POC This Week

On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 8008 Firmware
NVD
CVSS 3.0
8.0
EPSS
2.8%
CVE-2019-14259 HIGH POC This Week

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Obihai Obi1022 Firmware
NVD
CVSS 3.0
8.0
EPSS
2.8%
CVE-2019-14497 HIGH POC This Week

ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Milkytracker Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-14496 HIGH POC This Week

LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Milkytracker Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-14486 HIGH POC This Week

GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gnucobol
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14468 HIGH POC This Week

GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gnucobol
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14332 HIGH POC This Week

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-14513 HIGH POC This Week

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dnsmasq Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-14494 HIGH POC PATCH This Week

An issue was discovered in Poppler through 0.78.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Poppler Ubuntu Linux Fedora Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-14493 HIGH POC PATCH This Week

An issue was discovered in OpenCV before 4.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Opencv Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-14492 HIGH POC PATCH This Week

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Opencv Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-0193 HIGH POC KEV PATCH THREAT This Week

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Java Apache RCE Solr +1
NVD
CVSS 3.1
7.2
EPSS
83.5%
CVE-2019-14517 MEDIUM POC This Month

pandao Editor.md 1.5.0 allows XSS via the Javascript: string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-14472 MEDIUM POC This Month

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14471 MEDIUM POC This Month

TestLink 1.9.19 has XSS via the error.php message parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Testlink
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-14338 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-14495 CRITICAL PATCH Act Now

webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption 3Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-13572 CRITICAL PATCH Act Now

The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Blog2Social
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-14337 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-14336 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2019-14334 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link 6600 Ap Firmware Dwl 3600Ap Firmware Dwl 8610Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-14333 MEDIUM POC This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-9140 HIGH This Week

When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Information Disclosure RCE Happypoint
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2019-3890 HIGH This Week

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution Ews Enterprise Linux
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2019-3884 MEDIUM This Month

A vulnerability exists in the garbage collection mechanism of atomic-openshift. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openshift
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-5401 MEDIUM This Month

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS HP Hp2910Al 48G Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy