Skip to main content
CVE-2019-13455 CRITICAL POC Act Now

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of   expansion in acknowledge.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-15701 HIGH POC This Week

components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bloodhound
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-13270 HIGH POC This Week

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Br 6208Ac V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-13269 HIGH POC This Week

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Br 6208Ac V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-13268 HIGH POC This Week

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Archer C3200 V1 Firmware Archer C2 V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-13267 HIGH POC This Week

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Archer C3200 V1 Firmware Archer C2 V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13266 HIGH POC This Week

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Archer C3200 V1 Firmware Archer C2 V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13265 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13264 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13263 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13271 HIGH POC This Week

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Br 6208Ac V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-15647 HIGH POC This Week

The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress RCE Groundhogg
NVD
CVSS 3.0
8.8
EPSS
4.5%
CVE-2019-15702 HIGH POC This Week

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-15648 MEDIUM POC This Month

The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Insert Or Embed Articulate Content
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-15700 MEDIUM POC This Month

public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frappe
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-13236 MEDIUM POC PATCH This Month

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opencms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.1%
CVE-2019-13235 MEDIUM POC PATCH This Month

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opencms Apollo Template
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.9%
CVE-2019-13234 MEDIUM POC PATCH This Month

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opencms Apollo Template
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.9%
CVE-2019-13486 CRITICAL Act Now

In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of   expansion in svcstatus.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13485 CRITICAL Act Now

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13484 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13452 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13451 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-13273 CRITICAL Act Now

In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xymon Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-14314 CRITICAL Act Now

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Nextgen Gallery
NVD
CVSS 3.0
9.8
EPSS
43.4%
CVE-2019-15659 CRITICAL Act Now

The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Pie Register
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-15646 CRITICAL Act Now

The rsvpmaker plugin before 6.2 for WordPress has SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Rsvpmaker
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-11457 HIGH This Week

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF Django Crm
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-15660 HIGH This Week

The wp-members plugin before 3.2.8 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Members
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15649 HIGH This Week

The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Insert Or Embed Articulate Content
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-15645 HIGH This Week

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho WordPress CSRF Salesiq
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-13237 MEDIUM POC PATCH This Month

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opencms Apollo Template
NVD GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
7.3%
CVE-2019-13274 MEDIUM This Month

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xymon Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15644 MEDIUM This Month

The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho WordPress Salesiq
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15643 MEDIUM This Month

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Faq
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15666 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.0.19. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
4.4
EPSS
1.7%
CVE-2019-15698 MEDIUM This Month

In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD GitHub
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-15650 MEDIUM This Month

The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Easy Updates Manager
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy