Skip to main content
CVE-2019-3975 CRITICAL POC Act Now

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-15896 CRITICAL POC Act Now

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP WordPress Privilege Escalation Authentication Bypass +1
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2019-12401 HIGH POC PATCH This Week

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Solr
NVD GitHub
CVSS 3.1
7.5
EPSS
7.5%
CVE-2019-14721 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webpanel
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-10256 CRITICAL Act Now

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Camera
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-14457 CRITICAL Act Now

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Camera
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-11495 CRITICAL Act Now

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-11496 CRITICAL Act Now

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2019-12105 HIGH PATCH This Week

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Supervisor
NVD GitHub
CVSS 3.1
8.2
EPSS
2.3%
CVE-2019-12943 HIGH This Week

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ttlock
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-11669 HIGH This Week

Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-11668 HIGH This Week

HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Service Manager Service Manager Chat Server Service Manager Chat Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-11497 HIGH This Week

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-11467 HIGH This Week

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-0365 HIGH This Week

SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Microsoft SAP Sap Kernel +4
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0352 HIGH This Week

In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-16106 HIGH This Week

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Humatrix
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-0355 HIGH This Week

SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-0363 HIGH This Week

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Extended Application Services
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2019-16202 MEDIUM PATCH This Month

MISP before 2.4.115 allows privilege escalation in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Misp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-0357 MEDIUM This Month

The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Hana
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-12942 MEDIUM This Month

TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ttlock
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-11464 MEDIUM This Month

Some enterprises require that REST API endpoints include security-related headers in REST responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Couchbase Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-0361 MEDIUM This Month

SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-14726 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2019-12996 MEDIUM This Month

In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mendix
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-11466 MEDIUM This Month

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-1549 MEDIUM This Month

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
6.2%
CVE-2019-11465 MEDIUM This Month

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-5503 MEDIUM This Month

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Workflow Automation
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-1547 MEDIUM This Month

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. Rated medium severity (CVSS 4.7). No vendor patch available.

OpenSSL Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
1.2%
CVE-2019-0364 MEDIUM This Month

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Extended Application Services
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-0356 MEDIUM This Month

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-14730 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14729 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14728 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14727 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14723 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-14722 MEDIUM This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%
CVE-2019-1563 LOW Monitor

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Oracle
NVD
CVSS 3.1
3.7
EPSS
3.8%
CVE-2019-0353 LOW Monitor

Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Business One Client
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy