Skip to main content
CVE-2019-10750 CRITICAL POC PATCH Act Now

deeply is vulnerable to Prototype Pollution in versions before 3.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deeply
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-10747 CRITICAL POC PATCH Act Now

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Set Value
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-10746 CRITICAL POC PATCH Act Now

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mixin Deep Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-15530 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.3%
CVE-2019-15529 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.7%
CVE-2019-15528 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15527 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15526 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-10751 HIGH POC PATCH This Week

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Httpie
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-15498 HIGH POC This Week

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Vera Edge Firmware
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-15513 HIGH POC This Week

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libuci Cx2L Mwr04L Firmware C1 Mwr03 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-15092 HIGH POC This Week

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Import Export Wordpress Users
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
5.1%
CVE-2019-15477 MEDIUM POC PATCH This Month

Jooby before 1.6.4 has XSS via the default error handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jooby
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15476 MEDIUM POC This Month

Former before 4.2.1 has XSS via a checkbox value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Former
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15499 MEDIUM POC This Month

CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Codimd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-6695 CRITICAL Act Now

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortimanager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-6698 CRITICAL Act Now

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortirecorder Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-1581 CRITICAL Act Now

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto RCE Command Injection Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-1580 CRITICAL Act Now

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption Pan Os
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-15537 CRITICAL PATCH Act Now

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Proxystatistics
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15536 CRITICAL PATCH Act Now

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Acclaim
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15535 CRITICAL PATCH Act Now

Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Tasking Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15519 CRITICAL PATCH Act Now

Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Power Response
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-15494 CRITICAL Act Now

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Openitcockpit
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15490 CRITICAL Act Now

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Openitcockpit
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-15505 CRITICAL PATCH Act Now

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-15504 CRITICAL Act Now

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-15480 MEDIUM POC PATCH This Month

Domoticz 4.10717 has XSS via item.Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Domoticz
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-8446 MEDIUM POC THREAT This Month

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Jira Server
NVD
CVSS 3.1
5.3
EPSS
17.5%
CVE-2019-15514 MEDIUM POC This Month

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Telegram
NVD
CVSS 3.0
5.3
EPSS
2.3%
CVE-2019-13421 MEDIUM POC This Month

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-13423 HIGH This Week

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Search Guard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-15491 HIGH This Week

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Openitcockpit
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-15525 HIGH PATCH This Week

There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pw3270
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2019-1583 HIGH This Week

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Privilege Escalation Twistlock
NVD
CVSS 3.0
8.0
EPSS
1.2%
CVE-2019-7364 HIGH PATCH This Week

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Advance Steel Autocad Autocad Architecture Autocad Electrical +7
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-7363 HIGH PATCH This Week

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Design Review
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-7362 HIGH PATCH This Week

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Design Review
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-11654 HIGH This Week

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Verastream Host Integrator
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-15516 HIGH PATCH This Week

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cuberite
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-15493 HIGH This Week

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openitcockpit
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-1582 HIGH This Week

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption Pan Os
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2019-15531 MEDIUM This Month

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libextractor Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-11587 MEDIUM This Month

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-15508 MEDIUM This Month

In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Server Tentacle
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-15507 MEDIUM This Month

In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Server
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-5594 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortinac
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-13422 MEDIUM This Month

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Search Guard
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11589 MEDIUM This Month

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Open Redirect CSRF Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-11585 MEDIUM This Month

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy