Skip to main content
CVE-2019-14681 HIGH POC This Week

The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress CSRF Deny All Firewall
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-14773 HIGH POC This Week

admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure Woody Ad Snippets
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-13176 HIGH POC This Week

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF 3Cx
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-12959 HIGH This Week

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2019-1958 HIGH This Week

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Hyperflex Hx Data Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-14693 HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2019-5238 HIGH This Week

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Pcmanager China Pcmanager Oversea
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-5237 HIGH This Week

Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Pcmanager China Pcmanager Oversea
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-1970 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense Secure Firewall Management Center
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1957 HIGH This Week

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Iot Field Network Director
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-1955 HIGH This Week

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy