Skip to main content
CVE-2019-14935 HIGH POC This Week

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft 3Cx
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-14951 HIGH POC This Week

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Scout Gps Link
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-14932 HIGH POC This Week

The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Humatrix 7
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-14966 HIGH PATCH This Week

An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Frappe
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-14969 HIGH This Week

Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Auditor
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2019-13418 HIGH This Week

Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy