Skip to main content
CVE-2019-15701 HIGH POC This Week

components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bloodhound
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-13270 HIGH POC This Week

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Br 6208Ac V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-13269 HIGH POC This Week

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Br 6208Ac V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-13268 HIGH POC This Week

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Archer C3200 V1 Firmware Archer C2 V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-13267 HIGH POC This Week

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Archer C3200 V1 Firmware Archer C2 V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13266 HIGH POC This Week

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Archer C3200 V1 Firmware Archer C2 V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13265 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13264 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13263 HIGH POC This Week

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 825 Ac G1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13271 HIGH POC This Week

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Br 6208Ac V1 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-15647 HIGH POC This Week

The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress RCE Groundhogg
NVD
CVSS 3.0
8.8
EPSS
4.5%
CVE-2019-15702 HIGH POC This Week

In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-11457 HIGH This Week

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF Django Crm
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-15660 HIGH This Week

The wp-members plugin before 3.2.8 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Members
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15649 HIGH This Week

The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Insert Or Embed Articulate Content
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2019-15645 HIGH This Week

The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho WordPress CSRF Salesiq
NVD
CVSS 3.0
8.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy