Skip to main content
CVE-2019-15954 CRITICAL POC THREAT Emergency

An issue was discovered in Total.js CMS 12.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Total Js Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.9
EPSS
79.2%
CVE-2019-15949 HIGH POC KEV THREAT Act Now

Nagios XI before 5.6.6 allows remote command execution as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nagios Xi
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
77.7%
CVE-2019-14222 CRITICAL POC Act Now

An issue was discovered in Alfresco Community Edition versions 6.0 and lower. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Alfresco
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-13188 CRITICAL POC Act Now

In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Knowage
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-13187 CRITICAL POC Act Now

The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Rich Text Formatter
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-15029 HIGH POC THREAT This Week

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Fusionpbx
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
12.3%
CVE-2019-15953 HIGH POC This Week

An issue was discovered in Total.js CMS 12.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Total Js Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-15952 HIGH POC This Week

An issue was discovered in Total.js CMS 12.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Total Js Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
5.1%
CVE-2019-5069 HIGH POC This Week

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Deserialization Efront Lms
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-15942 HIGH POC This Week

FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-13191 HIGH POC This Week

A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Intramaps
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-12223 HIGH POC This Week

An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Srn 472S Firmware Srn 873S Firmware Srn 1673S Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-14224 HIGH POC This Week

An issue was discovered in Alfresco Community Edition 5.2 201707. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Alfresco
NVD GitHub
CVSS 3.0
7.2
EPSS
5.3%
CVE-2019-15955 MEDIUM POC This Month

An issue was discovered in Total.js CMS 12.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Total Js Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2019-5070 MEDIUM POC This Month

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Efront Lms
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10677 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Znid Gpon 2426A Eu Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
7.3%
CVE-2019-15939 MEDIUM POC PATCH This Month

An issue was discovered in OpenCV 4.1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Opencv Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.4%
CVE-2019-15938 CRITICAL PATCH Act Now

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Barebox
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15937 CRITICAL PATCH Act Now

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Barebox
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-1976 CRITICAL Act Now

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Industrial Network Director Network Level Service
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-14339 MEDIUM POC This Month

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Print
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
5.4%
CVE-2019-5065 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Blynk Library
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-13349 MEDIUM POC This Month

In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Knowage
NVD
CVSS 3.0
4.9
EPSS
1.3%
CVE-2019-2177 HIGH PATCH This Week

In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java RCE Android
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2019-1939 HIGH This Week

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Cisco Webex Teams
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2019-9254 HIGH This Week

In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Java Privilege Escalation Command Injection Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-2181 HIGH This Week

In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-2178 HIGH PATCH This Week

In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2176 HIGH PATCH This Week

In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-2175 HIGH PATCH This Week

In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Java Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2174 HIGH PATCH This Week

In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Memory Corruption Google Use After Free +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2019-2123 HIGH PATCH This Week

In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Java Privilege Escalation Buffer Overflow RCE Memory Corruption +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2019-2115 HIGH PATCH This Week

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-2108 HIGH PATCH This Week

In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-12645 HIGH This Week

A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Jabber
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-11380 HIGH This Week

The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Es File Explorer File Manager
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-15947 HIGH This Week

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-4321 HIGH This Week

IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force IBM Information Disclosure Intelligent Operations Center Intelligent Operations Center For Emergency Management +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12633 HIGH This Week

A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Unified Contact Center Express
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12632 HIGH This Week

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Finesse
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-13361 MEDIUM This Month

Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass W100 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-15946 MEDIUM PATCH This Month

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2019-15945 MEDIUM PATCH This Month

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2019-15848 MEDIUM PATCH This Month

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Teamcity
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-4186 MEDIUM This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Jazz For Service Management
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-12644 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-10753 MEDIUM PATCH This Month

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Eclipse Cdt Eclipse Groovy Eclipse Wtp
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2019-2180 MEDIUM This Month

In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-2179 MEDIUM This Month

In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-2124 MEDIUM PATCH This Month

In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Java Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy