Skip to main content
CVE-2019-12792 HIGH POC This Week

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Control Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
4.9%
CVE-2019-12791 HIGH POC This Week

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Control Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
6.5%
CVE-2019-14422 HIGH POC THREAT This Week

An issue was discovered in in TortoiseSVN 1.12.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tortoisesvn
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.4%
CVE-2019-14788 HIGH POC This Week

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress RCE Newsletters
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-10081 HIGH POC THREAT This Week

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Http Server Debian Linux
NVD
CVSS 3.0
7.5
EPSS
14.6%
CVE-2019-13516 HIGH This Week

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pi Web Api
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-12809 HIGH This Week

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Viewer Activex
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-9013 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +8
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-3417 HIGH This Week

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zxhn F670 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-14755 HIGH This Week

The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Leaf Admin
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-3974 HIGH This Week

Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Nessus
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2019-9852 HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-13514 HIGH This Week

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2019-13513 HIGH This Week

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Delta Industrial Automation Dopsoft
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2019-13510 HIGH This Week

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Memory Corruption Use After Free Rockwell +1
NVD
CVSS 3.0
7.8
EPSS
12.0%
CVE-2019-13221 HIGH PATCH This Week

A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Stb Vorbis +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-13217 HIGH PATCH This Week

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Stb Vorbis +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-9012 HIGH This Week

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12854 HIGH PATCH This Week

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
11.7%
CVE-2019-13222 HIGH PATCH This Week

An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Information Disclosure Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%
CVE-2019-13220 HIGH PATCH This Week

Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Stb Vorbis Debian Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy