Skip to main content
CVE-2019-15832 HIGH POC This Week

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visitor Traffic Real Time Statistics
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-15828 HIGH POC This Week

The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF One Click Ssl
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-15816 HIGH POC This Week

The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Private Content Plus
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-5611 HIGH POC PATCH This Week

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-15841 HIGH This Week

The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Facebook For Woocommerce
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15840 HIGH This Week

The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Facebook For Woocommerce
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15835 HIGH PATCH This Week

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Better Permalinks
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15834 HIGH PATCH This Week

The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Webp Converter For Media
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15831 HIGH This Week

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Visitor Traffic Real Time Statistics
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-13526 HIGH This Week

Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Av7000 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2019-12810 HIGH This Week

A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Alsee
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-2390 HIGH This Week

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection OpenSSL Microsoft RCE MongoDB
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1966 HIGH This Week

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os Unified Computing System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15839 HIGH This Week

The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Sina Extension For Elementor
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-15630 HIGH This Week

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Api Gateway Mule Runtime
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-15026 HIGH PATCH This Week

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Memcached
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2019-15821 HIGH This Week

The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Bold Page Builder
NVD
CVSS 3.0
7.5
EPSS
11.0%
CVE-2019-6113 HIGH This Week

Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tx Nr686 Firmware
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2019-5612 HIGH This Week

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-5610 HIGH PATCH This Week

In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Freebsd Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-5609 HIGH PATCH This Week

In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freebsd
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-1977 HIGH This Week

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-1968 HIGH This Week

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-1967 HIGH This Week

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12402 HIGH PATCH This Week

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Commons Compress Fedora Banking Payments +16
NVD
CVSS 3.1
7.5
EPSS
16.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy