Skip to main content
CVE-2019-9851 CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux Debian Linux Fedora +2
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
78.3%
CVE-2019-12792 HIGH POC This Week

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Control Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
4.9%
CVE-2019-12791 HIGH POC This Week

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Control Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
6.5%
CVE-2019-14422 HIGH POC THREAT This Week

An issue was discovered in in TortoiseSVN 1.12.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tortoisesvn
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.4%
CVE-2019-14788 HIGH POC This Week

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress RCE Newsletters
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-10081 HIGH POC THREAT This Week

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Http Server Debian Linux
NVD
CVSS 3.0
7.5
EPSS
14.6%
CVE-2019-14786 MEDIUM POC This Month

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Seo
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-14789 MEDIUM POC This Month

The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Custom 404 Pro
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-14790 MEDIUM POC This Month

The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Limb Gallery
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-9850 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-9010 CRITICAL Act Now

An issue was discovered in 3S-Smart CODESYS V3 products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +6
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-11187 CRITICAL PATCH Act Now

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Gosa Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-13578 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress PHP Givewp
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-14518 MEDIUM POC This Month

Evolution CMS 2.0.x allows XSS via a description and new category location in a template. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-14800 MEDIUM POC This Month

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure Fv Flowplayer Video Player
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-13516 HIGH This Week

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pi Web Api
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-12809 HIGH This Week

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Viewer Activex
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-9013 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +8
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-3417 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zxhn F670 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-15081 MEDIUM POC This Month

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencart
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.0%
CVE-2019-14795 MEDIUM POC This Month

The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Toggle The Title
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2019-14755 HIGH This Week

The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Leaf Admin
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-3974 HIGH This Week

Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nessus
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2019-9852 HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-13514 HIGH This Week

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2019-13513 HIGH This Week

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2019-13510 HIGH This Week

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Memory Corruption Use After Free Rockwell +1
NVD
CVSS 3.0
7.8
EPSS
12.0%
CVE-2019-13221 HIGH PATCH This Week

A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Stb Vorbis +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-13217 HIGH PATCH This Week

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Stb Vorbis +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-9012 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12854 HIGH PATCH This Week

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
11.7%
CVE-2019-13222 HIGH PATCH This Week

An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Information Disclosure Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%
CVE-2019-13220 HIGH PATCH This Week

Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%
CVE-2019-13515 MEDIUM This Month

OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pi Web Api
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-14784 MEDIUM This Month

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Cp Contact Form With Paypal
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13377 MEDIUM PATCH This Month

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
2.2%
CVE-2019-13223 MEDIUM PATCH This Month

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-13219 MEDIUM PATCH This Month

A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-13218 MEDIUM PATCH This Month

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-10140 MEDIUM This Month

A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-3418 MEDIUM This Month

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zte Zxhn F670 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-13512 LOW Monitor

Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Frenic Loader
NVD
CVSS 3.1
3.3
EPSS
0.8%
CVE-2019-13511 LOW Monitor

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Arena
NVD
CVSS 3.1
3.3
EPSS
5.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy