Skip to main content
CVE-2019-15530 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.3%
CVE-2019-15529 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
7.7%
CVE-2019-15528 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15527 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15526 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-10751 HIGH POC PATCH This Week

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Httpie
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-15498 HIGH POC This Week

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Vera Edge Firmware
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-15513 HIGH POC This Week

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libuci Cx2L Mwr04L Firmware C1 Mwr03 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-15092 HIGH POC This Week

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Import Export Wordpress Users
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
5.1%
CVE-2019-13423 HIGH This Week

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Search Guard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-15491 HIGH This Week

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Openitcockpit
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-15525 HIGH PATCH This Week

There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pw3270
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2019-1583 HIGH This Week

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Privilege Escalation Twistlock
NVD
CVSS 3.0
8.0
EPSS
1.2%
CVE-2019-7364 HIGH PATCH This Week

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Advance Steel Autocad Autocad Architecture Autocad Electrical +7
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-7363 HIGH PATCH This Week

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Design Review
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-7362 HIGH PATCH This Week

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Design Review
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-11654 HIGH This Week

Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Verastream Host Integrator
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-15516 HIGH PATCH This Week

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cuberite
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-15493 HIGH This Week

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openitcockpit
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2019-1582 HIGH This Week

Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption Pan Os
NVD
CVSS 3.0
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy