Skip to main content
CVE-2019-10669 HIGH POC THREAT Act Now

An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Librenms
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
80.7%
CVE-2019-16192 CRITICAL POC Act Now

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doccms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-6960 CRITICAL POC Act Now

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-16190 CRITICAL POC Act Now

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 868l Firmware Dir 885L Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-16114 CRITICAL POC PATCH Act Now

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass RCE PHP Atutor
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-10665 CRITICAL POC Act Now

An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Denial Of Service Librenms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16125 CRITICAL POC Act Now

In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Jobberbase
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-16124 CRITICAL POC PATCH THREAT Act Now

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Youphptube
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
27.6%
CVE-2019-10668 CRITICAL POC PATCH Act Now

An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Librenms
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2019-6783 HIGH POC This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2019-12463 HIGH POC PATCH This Week

An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Denial Of Service Librenms
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10671 HIGH POC PATCH This Week

An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Librenms
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-16131 HIGH POC This Week

framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Oklite
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2019-12465 HIGH POC PATCH This Week

An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Librenms
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2019-10666 HIGH POC This Week

An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure Librenms
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2019-6788 HIGH POC This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2019-6782 HIGH POC This Week

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-16163 HIGH POC PATCH This Week

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Oniguruma Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-16162 HIGH POC This Week

Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Onigmo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-16161 HIGH POC PATCH This Week

Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Onigmo
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-12464 HIGH POC PATCH This Week

An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Librenms
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-16123 HIGH POC THREAT This Week

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Piluscart
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
16.5%
CVE-2019-5473 HIGH POC This Week

An authentication issue was discovered in GitLab that allowed a bypass of email verification. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-6793 HIGH POC This Week

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Atlassian SSRF Gitlab
NVD
CVSS 3.1
7.0
EPSS
3.5%
CVE-2019-10253 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teammate
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-6995 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-6786 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-6785 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-11549 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-16164 MEDIUM POC This Month

MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_node_remove in tree.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Myhtml
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16133 MEDIUM POC This Month

An issue was discovered in eteams OA v4.0.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eteams Oa
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-16132 MEDIUM POC This Month

An issue was discovered in OKLite v1.2.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Oklite
NVD
CVSS 3.1
6.5
EPSS
6.1%
CVE-2019-6784 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-11547 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10670 MEDIUM POC This Month

An issue was discovered in LibreNMS through 1.47. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Librenms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16130 MEDIUM POC PATCH This Month

YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yii Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16126 MEDIUM POC PATCH This Month

Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grav Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-16184 CRITICAL PATCH Act Now

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Limesurvey
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-12405 CRITICAL PATCH Act Now

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Traffic Control
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-16143 CRITICAL PATCH Act Now

An issue was discovered in the blake2 crate before 0.8.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Blake2 Rust
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-16142 CRITICAL PATCH Act Now

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Renderdocs Rs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-16140 CRITICAL PATCH Act Now

An issue was discovered in the chttp crate before 0.1.3 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Isahc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-16139 CRITICAL PATCH Act Now

An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Compact Arena
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-16138 CRITICAL PATCH Act Now

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16167 MEDIUM POC This Month

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sysstat Fedora Leap +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-6795 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-16173 MEDIUM POC PATCH This Month

LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.7%
CVE-2019-16172 MEDIUM POC PATCH This Month

LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Limesurvey
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
4.6%
CVE-2019-11548 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5471 MEDIUM POC This Month

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy