Skip to main content
CVE-2019-15872 CRITICAL POC Act Now

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Loginpress
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-5475 HIGH POC PATCH THREAT This Week

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection Nexus Repository Manager
NVD
CVSS 3.0
8.8
EPSS
18.4%
CVE-2019-15873 HIGH POC This Week

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress RCE Profilegrid
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2019-15867 HIGH POC This Week

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Slick Popup
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-15866 HIGH POC This Week

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress Crelly Slider
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-15858 HIGH POC THREAT This Week

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP WordPress RCE Authentication Bypass +1
NVD
CVSS 3.1
8.8
EPSS
20.8%
CVE-2019-14817 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-14811 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2019-5479 HIGH POC PATCH This Week

An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP LFI RCE Larvitbase
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15043 HIGH POC THREAT This Week

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Grafana
NVD GitHub
CVSS 3.0
7.5
EPSS
63.4%
CVE-2019-15898 MEDIUM POC This Month

Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Log Server
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2019-15889 MEDIUM POC PATCH THREAT This Month

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Download Manager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
12.5%
CVE-2019-15860 MEDIUM POC This Month

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-15870 MEDIUM POC This Month

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Carspot
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-15869 MEDIUM POC This Month

The JobCareer theme before 2.5.1 for WordPress has stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Jobcareer
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-5480 MEDIUM POC This Month

A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Statichttpserver
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2019-10197 CRITICAL Act Now

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.0
9.1
EPSS
3.2%
CVE-2019-15868 HIGH PATCH This Week

The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Affiliates Manager
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15865 HIGH PATCH This Week

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Breadcrumbs By Menu
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15871 MEDIUM POC This Month

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Loginpress
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-15892 HIGH This Week

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Varnish Cache Debian Linux
NVD
CVSS 3.0
7.5
EPSS
5.8%
CVE-2019-6179 HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft VMware XXE +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-14261 HIGH This Week

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secvest Wireless Alarm System Fuaa50000 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-13156 HIGH This Week

NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Cloud Explorer
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-15863 HIGH This Week

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Convertplus
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-3751 HIGH This Week

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Enterprise Copy Data Management
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-6181 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-3754 MEDIUM This Month

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Dell Emc Unity Operating Environment Emc Unityvsa Operating Environment +1
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-15864 MEDIUM PATCH This Month

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Breadcrumbs By Menu
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-1125 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd Intel Windows 10 +14
NVD Exploit-DB
CVSS 3.1
5.6
EPSS
4.5%
CVE-2019-5478 MEDIUM This Month

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zu11Eg Firmware Zu15Eg Firmware Zu17Eg Firmware Zu19Eg Firmware +37
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-6182 MEDIUM This Month

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2019-6180 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Lenovo Xclarity Administrator
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy