Skip to main content
CVE-2019-15060 HIGH POC This Week

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Command Injection Tl Wr840N Firmware
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2019-12385 HIGH POC This Week

An issue was discovered in Ampache through 3.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ampache
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-15324 HIGH POC This Week

The ad-inserter plugin before 2.4.22 for WordPress has remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Ad Inserter
NVD
CVSS 3.0
8.8
EPSS
3.6%
CVE-2019-13139 HIGH POC PATCH This Week

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Docker Command Injection
NVD GitHub
CVSS 3.0
8.4
EPSS
2.0%
CVE-2019-9154 HIGH POC PATCH This Week

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Openpgpjs
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-9153 HIGH POC PATCH This Week

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Openpgpjs
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-14751 HIGH POC PATCH This Week

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Nltk
NVD GitHub
CVSS 3.0
7.5
EPSS
5.8%
CVE-2019-14511 HIGH POC This Week

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sphinx
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-15329 HIGH This Week

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Import Users From Csv With Meta
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15326 HIGH This Week

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Import Users From Csv With Meta
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-15325 HIGH This Week

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galliumos
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-15330 HIGH This Week

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Webp Express
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-11029 HIGH This Week

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mirasys Vms
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-5635 HIGH This Week

A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hickory Smart Ethernet Bridge Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-15323 HIGH This Week

The ad-inserter plugin before 2.4.20 for WordPress has path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Ad Inserter
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-7617 HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure Apm Agent
NVD
CVSS 3.0
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy