Skip to main content
CVE-2019-7163 CRITICAL POC Act Now

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Alcatel Linkzone Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-14532 CRITICAL POC Act Now

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure The Sleuth Kit Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-14531 CRITICAL POC Act Now

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure The Sleuth Kit
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-14541 HIGH POC This Week

GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gnucobol
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14528 HIGH POC This Week

GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gnucobol
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-14524 HIGH POC This Week

An issue was discovered in Schism Tracker through 20190722. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Schism Tracker Backports Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-14523 HIGH POC This Week

An issue was discovered in Schism Tracker through 20190722. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Schism Tracker
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-6969 HIGH POC This Week

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass XSS D-Link Dva 5592 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-6968 MEDIUM POC This Month

The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dva 5592 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-14544 CRITICAL PATCH Act Now

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Gogs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9141 CRITICAL Act Now

ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoneplayer
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-14529 CRITICAL Act Now

OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.1
9.8
EPSS
28.1%
CVE-2019-10938 CRITICAL PATCH Act Now

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Siemens RCE Siprotec 5 Digsi Device Driver
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-7885 HIGH PATCH This Week

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Elastic Adobe Magento
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-7876 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-7871 HIGH PATCH This Week

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Adobe Magento
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-7865 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe CSRF Magento
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-10088 HIGH PATCH This Week

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
8.8
EPSS
4.8%
CVE-2019-10961 HIGH PATCH This Week

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2019-10094 HIGH PATCH This Week

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2019-10168 HIGH This Week

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10167 HIGH This Week

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10166 HIGH This Week

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-7951 HIGH PATCH This Week

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7950 HIGH PATCH This Week

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-7928 HIGH PATCH This Week

A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7915 HIGH PATCH This Week

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7886 HIGH PATCH This Week

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7861 HIGH PATCH This Week

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-7860 HIGH PATCH This Week

A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-7859 HIGH PATCH This Week

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-7858 HIGH PATCH This Week

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2019-7854 HIGH PATCH This Week

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-7849 HIGH PATCH This Week

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Adobe Magento
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-5501 HIGH This Week

Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Data Ontap
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-5493 HIGH PATCH This Week

Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Data Ontap
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-14235 HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django Leap
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-14233 HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django Leap
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-14232 HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django Leap
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-10171 HIGH This Week

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 389 Directory Server Enterprise Linux Server Eus
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-7890 HIGH PATCH This Week

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Magento
NVD
CVSS 3.0
7.3
EPSS
0.8%
CVE-2019-7942 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.9%
CVE-2019-7932 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2019-7930 HIGH PATCH This Week

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2019-7923 HIGH PATCH This Week

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SSRF Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2019-7913 HIGH PATCH This Week

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SSRF Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2019-7912 HIGH PATCH This Week

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.6%
CVE-2019-7911 HIGH PATCH This Week

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SSRF Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2019-7903 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
2.1%
CVE-2019-7896 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.0
7.2
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy