Skip to main content
CVE-2019-9569 CRITICAL POC Act Now

Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Entelibus Firmware
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2019-15642 HIGH POC PATCH THREAT This Week

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Webmin
NVD GitHub
CVSS 3.0
8.8
EPSS
38.0%
CVE-2019-15637 HIGH POC THREAT This Week

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Tableau Server Tableau Desktop Tableau Reader +1
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
14.3%
CVE-2019-8460 HIGH POC PATCH This Week

OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openbsd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-15541 HIGH POC PATCH This Week

rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rustls
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-15055 MEDIUM POC This Month

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mikrotik Routeros
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2019-15641 MEDIUM POC This Month

xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Webmin
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-15501 MEDIUM POC This Month

Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Listserv
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
8.2%
CVE-2019-15532 MEDIUM POC PATCH This Month

CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cyberchef
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-15489 MEDIUM POC PATCH This Month

laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laracom
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13020 CRITICAL Act Now

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Tightrope Media Carousel
NVD
CVSS 3.0
10.0
EPSS
1.1%
CVE-2019-15657 CRITICAL PATCH Act Now

In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Eslint Utils
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-15651 CRITICAL Act Now

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wolfssl
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2019-15497 CRITICAL Act Now

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icompel Firmware Net Top Box Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-8001 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7998 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7997 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7993 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7992 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-7990 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7975 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7974 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7973 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7972 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7971 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7970 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7969 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7968 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2019-15548 CRITICAL Act Now

An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ncurses
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15543 CRITICAL PATCH Act Now

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Slice Deque
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15533 CRITICAL PATCH Act Now

XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Xenfcoresharp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15503 CRITICAL Act Now

cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Prontuscms
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-15558 CRITICAL PATCH Act Now

XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Xm Online 2 Common Utils And Endpoints
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15557 CRITICAL PATCH Act Now

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Xm Online 2 User Account And Authentication Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15555 CRITICAL PATCH Act Now

FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Wellness
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15560 CRITICAL PATCH Act Now

The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Reviews Module
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15559 CRITICAL PATCH Act Now

DianoxDragon Hawn before 2019-07-10 allows SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Hawn
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15574 CRITICAL PATCH Act Now

Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gesior Aac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15573 CRITICAL PATCH Act Now

Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gesior Aac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15572 CRITICAL PATCH Act Now

Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gesior Aac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15571 CRITICAL PATCH Act Now

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Clonos
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15570 CRITICAL PATCH Act Now

BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Bedita
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15569 CRITICAL PATCH Act Now

HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Java Ccd Data Store Api
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15568 CRITICAL PATCH Act Now

idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Idseq Web
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15567 CRITICAL PATCH Act Now

OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Arena
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15566 CRITICAL PATCH Act Now

The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Google Alfresco
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15565 CRITICAL PATCH Act Now

The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Icommktconnector
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15564 CRITICAL PATCH Act Now

The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Compassion Switzerland
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15563 CRITICAL PATCH Act Now

Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Webapi
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-15554 CRITICAL PATCH Act Now

An issue was discovered in the smallvec crate before 0.6.10 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Smallvec
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy