Skip to main content
CVE-2019-14754 CRITICAL POC Act Now

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Open School
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-14255 CRITICAL POC Act Now

A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Go Camo
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-13101 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
67.1%
CVE-2019-14681 HIGH POC This Week

The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Deny All Firewall
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-14773 HIGH POC This Week

admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure Woody Ad Snippets
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-13176 HIGH POC This Week

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF 3Cx
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-14679 MEDIUM POC This Month

core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Arprice Lite
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-14774 MEDIUM POC This Month

The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woo Variation Swatches
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-14772 MEDIUM POC PATCH This Month

verdaccio before 3.12.0 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Verdaccio
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11208 CRITICAL Act Now

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Api Exchange Gateway
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2019-1971 CRITICAL Act Now

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-14771 CRITICAL Act Now

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Backdrop Cms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-14683 MEDIUM POC This Month

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Import Users From Csv With Meta
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2019-14680 MEDIUM POC This Month

The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Admin Renamer Extended
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-14221 MEDIUM POC This Month

1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 1Crm On Premise
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-12994 CRITICAL Act Now

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
9.1
EPSS
4.4%
CVE-2019-12959 HIGH This Week

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2019-1958 HIGH This Week

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Hyperflex Hx Data Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-14682 MEDIUM POC This Month

The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Better Search Project
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-14353 MEDIUM POC This Month

On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure One Firmware
NVD
CVSS 3.0
4.2
EPSS
0.4%
CVE-2019-14693 HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2019-5238 HIGH This Week

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Pcmanager China Pcmanager Oversea
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-5237 HIGH This Week

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Pcmanager China Pcmanager Oversea
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-1970 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1957 HIGH This Week

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-1955 HIGH This Week

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-1972 MEDIUM This Month

A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-1952 MEDIUM This Month

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-1953 MEDIUM This Month

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-1946 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-5236 MEDIUM This Month

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emily L29C Firmware
NVD
CVSS 3.0
6.3
EPSS
0.6%
CVE-2019-12397 MEDIUM PATCH This Month

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ranger
NVD
CVSS 3.0
6.1
EPSS
3.0%
CVE-2019-1954 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings Server
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-14770 MEDIUM This Month

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backdrop Core
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14769 MEDIUM This Month

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1951 MEDIUM This Month

A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan Firmware
NVD
CVSS 3.1
5.8
EPSS
1.5%
CVE-2019-14783 MEDIUM This Month

On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-5239 MEDIUM This Month

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Pcmanager China Pcmanager Oversea
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2019-14335 MEDIUM This Month

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service D-Link 6600 Ap Firmware Dwl 3600Ap Firmware
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-1961 MEDIUM This Month

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2019-1973 MEDIUM This Month

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1956 MEDIUM This Month

A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Spa112 2 Port Phone Adapter Firmware
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1949 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-1960 MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-1959 MEDIUM This Month

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-5301 LOW Monitor

Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor V20 Firmware
NVD
CVSS 3.0
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy