Skip to main content
CVE-2019-14968 CRITICAL POC Act Now

An issue was discovered in imcat 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Imcat
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-13462 CRITICAL POC THREAT Act Now

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lansweeper
NVD
CVSS 3.0
9.1
EPSS
11.3%
CVE-2019-14935 HIGH POC This Week

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft 3Cx
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14951 HIGH POC This Week

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Scout Gps Link
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-14932 HIGH POC This Week

The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Humatrix 7
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-14982 MEDIUM POC PATCH This Month

In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-14976 MEDIUM POC This Month

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-14950 MEDIUM POC This Month

The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Live Chat
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-14965 CRITICAL PATCH Act Now

An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Frappe
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-12618 CRITICAL PATCH Act Now

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Nomad
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-14947 MEDIUM POC This Month

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-14946 MEDIUM POC This Month

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14945 MEDIUM POC This Month

The ultimate-member plugin before 2.0.54 for WordPress has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Member
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-14948 MEDIUM POC This Month

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ppom For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-14966 HIGH PATCH This Week

An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Frappe
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-14969 HIGH This Week

Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Auditor
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-13418 HIGH This Week

Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-14981 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-14980 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-14940 MEDIUM This Month

In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Storage Performance Development Kit
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-14359 LOW POC Monitor

On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hashicorp Bc Vault Firmware
NVD
CVSS 3.0
2.4
EPSS
0.4%
CVE-2019-14967 MEDIUM PATCH This Month

An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Frappe
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-14949 MEDIUM This Month

The wp-database-backup plugin before 5.1.2 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Database Backup
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14939 MEDIUM PATCH This Month

An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Node.js Information Disclosure MySQL
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-13417 MEDIUM This Month

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Search Guard
NVD
CVSS 3.1
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy