Skip to main content
CVE-2019-12255 CRITICAL POC THREAT Act Now

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller Sonicos Siprotec 5 Firmware +8
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
75.2%
CVE-2019-11581 CRITICAL POC KEV THREAT Act Now

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Atlassian Jira Server
NVD
CVSS 3.1
9.8
EPSS
84.6%
CVE-2019-12258 HIGH POC THREAT This Week

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Vxworks Sonicos Siprotec 5 Firmware +9
NVD GitHub
CVSS 3.1
7.5
EPSS
23.4%
CVE-2019-11042 HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
7.1
EPSS
4.4%
CVE-2019-11041 HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
7.1
EPSS
4.4%
CVE-2019-14793 MEDIUM POC This Month

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Meta Box
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-14312 MEDIUM POC PATCH THREAT This Month

Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Jaxer
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
20.6%
CVE-2019-11776 MEDIUM POC This Month

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Business Intelligence And Reporting Tools
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14791 MEDIUM POC This Month

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Appointment Booking Calendar
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-14799 MEDIUM POC This Month

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-12261 CRITICAL Act Now

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +9
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2019-12260 CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +9
NVD
CVSS 3.1
9.8
EPSS
22.8%
CVE-2019-12256 CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller Sonicos Siprotec 5 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
26.6%
CVE-2019-14801 CRITICAL Act Now

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Fv Flowplayer Video Player
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-14234 CRITICAL PATCH Act Now

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Python Django Fedora +1
NVD
CVSS 3.0
9.8
EPSS
47.7%
CVE-2019-5402 CRITICAL Act Now

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Storeserv Management Console
NVD
CVSS 3.0
9.4
EPSS
4.3%
CVE-2019-5399 CRITICAL Act Now

A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3Par Service Processor Firmware
NVD
CVSS 3.0
9.4
EPSS
2.4%
CVE-2019-5397 CRITICAL Act Now

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 3Par Service Processor Firmware
NVD
CVSS 3.0
9.4
EPSS
4.3%
CVE-2019-5396 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Service Processor Firmware
NVD
CVSS 3.0
9.4
EPSS
5.1%
CVE-2019-14796 MEDIUM POC This Month

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Mq Woocommerce Products Price Bulk Edit
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-14792 MEDIUM POC This Month

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Wp Go Maps
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14787 MEDIUM POC This Month

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Newsletters
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-14785 MEDIUM POC This Month

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Cp Contact Form With Paypal
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14798 MEDIUM POC This Month

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Photo Gallery
NVD
CVSS 3.0
4.9
EPSS
4.4%
CVE-2019-5404 HIGH This Week

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection 3Par Storeserv Management Console
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-12257 HIGH This Week

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +6
NVD
CVSS 3.1
8.8
EPSS
84.2%
CVE-2019-5395 HIGH This Week

A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload 3Par Service Processor Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-12805 HIGH This Week

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Nc Launcher2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-12263 HIGH This Week

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware +9
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2019-3744 HIGH This Week

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Dell Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-3742 HIGH This Week

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Deserialization Digital Delivery
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12259 HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks Sonicos Siprotec 5 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
15.9%
CVE-2019-14806 HIGH PATCH This Week

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Werkzeug Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-14794 HIGH This Week

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Meta Box
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-5405 HIGH This Week

A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Storeserv Management Console
NVD
CVSS 3.0
7.3
EPSS
1.6%
CVE-2019-5406 HIGH This Week

A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure 3Par Storeserv Management Console
NVD
CVSS 3.0
7.2
EPSS
1.4%
CVE-2019-14433 MEDIUM PATCH This Month

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nova Ubuntu Linux Openstack Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-5498 MEDIUM This Month

OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-5408 MEDIUM This Month

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xp7 Device Manager Xp7 Replication Manager Xp7 Tiered Storage Manager
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-5407 MEDIUM This Month

A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 3Par Storeserv Management Console
NVD
CVSS 3.0
6.3
EPSS
1.0%
CVE-2019-5400 MEDIUM This Month

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure 3Par Service Processor Firmware
NVD
CVSS 3.0
6.3
EPSS
0.9%
CVE-2019-14807 MEDIUM PATCH This Month

In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Mobilefrontend
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-11274 MEDIUM This Month

Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS User Account And Authentication
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-5398 MEDIUM This Month

A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Par Service Processor Firmware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-14797 MEDIUM This Month

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Photo Gallery
NVD
CVSS 3.0
5.4
EPSS
1.3%
CVE-2019-12265 MEDIUM This Month

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +8
NVD
CVSS 3.1
5.3
EPSS
55.3%
CVE-2019-5403 MEDIUM This Month

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Par Storeserv Management Console
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2019-14805 MEDIUM This Month

studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Una
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-14804 MEDIUM POC This Month

studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Una
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy