Skip to main content
CVE-2019-1152 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.1%
CVE-2019-1151 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption Office +8
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
15.5%
CVE-2019-1150 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +7
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
29.1%
CVE-2019-1149 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft RCE Memory Corruption Office +8
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.9%
CVE-2019-1145 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Microsoft RCE Windows 10 Windows 7 +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.1%
CVE-2019-1144 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.1%
CVE-2019-14216 HIGH POC PATCH This Week

An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP WordPress CSRF Wp Svg Icons
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-12104 HIGH POC PATCH This Week

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2019-15050 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-15049 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-15048 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-15047 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-13030 HIGH POC This Week

eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Neo Server
NVD GitHub
CVSS 3.1
8.2
EPSS
1.9%
CVE-2019-9583 HIGH POC This Week

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Homematic Ccu3 Firmware Homematic Ccu2 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
1.9%
CVE-2019-14526 HIGH POC This Week

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear CSRF Mr1100 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2019-15062 HIGH POC PATCH This Week

An issue was discovered in Dolibarr 11.0.0-alpha. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dolibarr Erp Crm
NVD GitHub
CVSS 3.0
8.0
EPSS
0.6%
CVE-2019-1170 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.1
7.9
EPSS
2.4%
CVE-2019-9582 HIGH POC This Week

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Homematic Ccu2 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-15046 HIGH POC This Week

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2019-14975 HIGH POC This Week

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Mupdf
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2019-1258 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Active Directory Authentication Library Nuget
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2019-1229 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Dynamics On-Premise v9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dynamics 365
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-1183 HIGH PATCH This Week

This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.0
8.8
EPSS
4.8%
CVE-2019-1140 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2019-10199 HIGH PATCH This Week

It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Keycloak
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-0351 HIGH This Week

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Netweaver
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-0343 HIGH This Week

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE SAP Commerce Cloud
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-0341 HIGH This Week

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-9506 HIGH This Week

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Android Iphone Os Mac Os X Tvos +143
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2019-10201 HIGH PATCH This Week

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-0720 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
8.0
EPSS
3.8%
CVE-2019-1201 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +5
NVD
CVSS 3.0
7.8
EPSS
4.9%
CVE-2019-1200 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Outlook
NVD
CVSS 3.0
7.8
EPSS
4.6%
CVE-2019-1199 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Office +1
NVD
CVSS 3.0
7.8
EPSS
4.6%
CVE-2019-1190 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1169 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 7 Windows Server 2008
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1168 HIGH PATCH This Week

An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1164 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1162 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1159 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2019-1157 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Microsoft RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2019-1156 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2019-1155 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Windows 10 +7
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2019-1147 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2019-1146 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2019-8062 HIGH This Week

Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2019-7961 HIGH This Week

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Prelude Cc
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2019-7931 HIGH This Week

Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Premiere Pro Cc
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2019-7870 HIGH This Week

Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Character Animator
NVD
CVSS 3.0
7.8
EPSS
3.8%
CVE-2019-0965 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 7.6).

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.6
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy