Skip to main content
CVE-2019-16113 HIGH POC THREAT Act Now

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Bludit
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
78.0%
CVE-2019-16120 HIGH POC This Week

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Event Tickets
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-16099 HIGH POC This Week

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-16115 HIGH POC This Week

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-16100 HIGH POC This Week

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-16096 HIGH POC This Week

Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Kilo
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-16103 HIGH POC This Week

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
1.8%
CVE-2019-16097 MEDIUM POC PATCH THREAT This Month

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Harbor
NVD GitHub
CVSS 3.1
6.5
EPSS
23.3%
CVE-2019-16104 MEDIUM POC This Month

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16119 CRITICAL POC PATCH THREAT Act Now

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress PHP Photo Gallery
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
25.4%
CVE-2019-16102 CRITICAL Act Now

Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-16093 CRITICAL PATCH Act Now

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16092 CRITICAL PATCH Act Now

Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16095 HIGH PATCH This Week

Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16094 HIGH PATCH This Week

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16091 HIGH PATCH This Week

Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16118 MEDIUM POC PATCH This Month

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Photo Gallery
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-16117 MEDIUM POC PATCH This Month

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Photo Gallery
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.6%
CVE-2019-16109 MEDIUM PATCH This Month

An issue was discovered in Plataformatec Devise before 4.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Devise
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-16101 MEDIUM This Month

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-16105 MEDIUM This Month

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unity Edgeconnect Sd Wan Firmware
NVD GitHub
CVSS 3.0
4.9
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy