Skip to main content
CVE-2019-15107 CRITICAL POC KEV THREAT Emergency

An issue was discovered in Webmin <=1.920. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webmin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
CVE-2019-15106 CRITICAL POC THREAT Act Now

An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Opmanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.5%
CVE-2019-14923 HIGH POC This Week

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eyesofnetwork
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.3%
CVE-2019-15105 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Application Manager through 14.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.8%
CVE-2019-15104 HIGH POC This Week

An issue was discovered in Zoho ManageEngine OpManager through 12.4x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.8%
CVE-2019-15084 HIGH POC This Week

Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Waves Maxx Audio
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-15095 MEDIUM POC This Month

DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dwsurvey
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7964 CRITICAL Act Now

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Adobe Experience Manager
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2019-7959 CRITICAL PATCH Act Now

Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Creative Cloud
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2019-7958 CRITICAL PATCH Act Now

Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Creative Cloud
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2019-5477 CRITICAL PATCH Act Now

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nokogiri Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-15091 CRITICAL Act Now

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Integria Ims
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15119 MEDIUM POC PATCH This Month

lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nps
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-15120 MEDIUM POC This Month

The Kunena extension before 5.1.14 for Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kunena
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2019-15115 HIGH This Week

The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Loginwp
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15114 HIGH This Week

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Formcraft
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15113 HIGH This Week

The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Companion Sitemap Generator
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15117 HIGH PATCH This Week

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-8063 HIGH PATCH This Week

Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Creative Cloud
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2019-7957 HIGH PATCH This Week

Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Creative Cloud
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2019-15099 HIGH This Week

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-15090 MEDIUM PATCH This Month

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-15116 MEDIUM This Month

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Digital Downloads
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-15118 MEDIUM PATCH This Month

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-15108 MEDIUM PATCH This Month

An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Api Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-15098 MEDIUM This Month

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Active Iq Performance Analytics Services +6
NVD
CVSS 3.1
4.6
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy