Skip to main content
CVE-2019-5475 HIGH POC PATCH THREAT This Week

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Command Injection Nexus Repository Manager
NVD
CVSS 3.0
8.8
EPSS
18.4%
CVE-2019-15873 HIGH POC This Week

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress RCE Profilegrid
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2019-15867 HIGH POC This Week

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Slick Popup
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-15866 HIGH POC This Week

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload WordPress Crelly Slider
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2019-15858 HIGH POC THREAT This Week

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP WordPress RCE Authentication Bypass +1
NVD
CVSS 3.1
8.8
EPSS
20.8%
CVE-2019-14817 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-14811 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2019-5479 HIGH POC PATCH This Week

An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP LFI RCE Larvitbase
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-15043 HIGH POC THREAT This Week

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Grafana
NVD GitHub
CVSS 3.0
7.5
EPSS
63.4%
CVE-2019-15868 HIGH PATCH This Week

The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Affiliates Manager
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15865 HIGH PATCH This Week

The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Breadcrumbs By Menu
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-15892 HIGH This Week

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Varnish Cache Debian Linux
NVD
CVSS 3.0
7.5
EPSS
5.8%
CVE-2019-6179 HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft VMware XXE +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-14261 HIGH This Week

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secvest Wireless Alarm System Fuaa50000 Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-13156 HIGH This Week

NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Cloud Explorer
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-15863 HIGH This Week

The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Convertplus
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-3751 HIGH This Week

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Enterprise Copy Data Management
NVD
CVSS 3.0
7.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy