Skip to main content
CVE-2019-14348 CRITICAL POC THREAT Act Now

The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Joomsport
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.1%
CVE-2019-14475 HIGH POC This Week

eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ccu2 Firmware Ccu3 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-14521 HIGH POC PATCH This Week

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Path Traversal Energy Logserver
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-14664 MEDIUM POC This Month

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enigmail Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14667 MEDIUM POC PATCH This Month

Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-14665 MEDIUM POC This Month

Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Brandy
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-14663 MEDIUM POC This Month

Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Brandy
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-14662 MEDIUM POC This Month

Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Brandy
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-14672 MEDIUM POC PATCH This Month

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-14670 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14669 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14668 MEDIUM POC PATCH This Month

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Firefly Iii
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14550 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14549 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14548 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14547 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14546 MEDIUM POC PATCH This Month

An issue was discovered in EspoCRM before 5.6.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-5502 CRITICAL Act Now

SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Data Ontap
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2019-14654 HIGH This Week

In Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Joomla
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-10980 HIGH This Week

A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption SCADA
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-3800 HIGH This Week

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Command Line Interface Cloud Foundry Command Line Interface Release Cloud Foundry Deployment Cloud Foundry Deployment Concourse Tasks +42
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2019-4473 HIGH This Week

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Java IBM
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-11270 HIGH This Week

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Application Service Cloud Foundry Uaa Operations Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-14671 LOW POC PATCH Monitor

Firefly III 4.7.17.3 is vulnerable to local file enumeration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.0
3.3
EPSS
0.5%
CVE-2019-12264 HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios Garrettcom Magnum Dx940E Firmware Ruggedcom Win7000 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
8.3%
CVE-2019-3717 MEDIUM This Month

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Chengming 3967 Firmware Chengming 3977 Firmware Chengming 3980 Firmware +238
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-4261 MEDIUM PATCH This Month

IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by specially crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Websphere Mq
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-11198 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cms
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-14525 MEDIUM This Month

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy Octopus Server
NVD GitHub
CVSS 3.0
4.9
EPSS
1.5%
CVE-2019-4284 MEDIUM This Month

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Private
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-10994 LOW Monitor

Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure SCADA
NVD
CVSS 3.0
3.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy