Skip to main content
CVE-2019-14237 CRITICAL POC Act Now

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kinetis Kv1X Firmware Kinetis Kv3X Firmware Kinetis K8X Firmware
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-14236 CRITICAL POC Act Now

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Stm32L0 Firmware Stm32L1 Firmware Stm32F4 Firmware Stm32L4 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-16257 CRITICAL POC Act Now

Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Motorola Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-16256 CRITICAL POC KEV THREAT Act Now

Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung S T Browser
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-16261 CRITICAL POC Act Now

Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pdumh15At Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
2.8%
CVE-2019-16238 MEDIUM POC This Month

Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aurora
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-11898 CRITICAL Act Now

Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Access
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2019-8070 CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2019-8069 CRITICAL Act Now

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-6005 CRITICAL Act Now

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Smart Tv Box Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-3638 CRITICAL Act Now

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Gateway
NVD
CVSS 3.1
9.6
EPSS
1.9%
CVE-2019-6007 HIGH This Week

Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow RCE Apng Drawable
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-5996 HIGH This Week

SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Video Insight Vms
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-5993 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Category Specific Rss Feed Subscription
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-5992 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Ultra Simple Paypal Shopping Cart
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5986 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pr S300Ne Firmware Rt S300Ne Firmware Rv S340Ne Firmware Pr S300Hi Firmware +20
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-10392 HIGH PATCH This Week

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Command Injection Git Client
NVD
CVSS 3.1
8.8
EPSS
25.8%
CVE-2019-8076 HIGH This Week

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Application Manager
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-11773 HIGH This Week

Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Omr
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5991 HIGH This Week

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.1
7.6
EPSS
1.2%
CVE-2019-11899 HIGH This Week

An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Information Disclosure Access
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-11774 HIGH PATCH This Week

Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Omr
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2019-13534 HIGH This Week

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intellivue Mp Monitors Mp20 Mp90 Firmware Intellivue Mp Monitors Mp5 5Sc Firmware Intellivue Mp Monitors Mp2 X2 Firmware Intellivue Mp Monitors Mx800 700 600 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2019-13530 HIGH This Week

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Intellivue Mp Monitors Mp20 Mp90 Firmware Intellivue Mp Monitors Mp5 5Sc Firmware Intellivue Mp Monitors Mp2 X2 Firmware Intellivue Mp Monitors Mx800 700 600 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-16275 MEDIUM PATCH This Month

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant Debian Linux Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-5956 MEDIUM This Month

Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wondercms
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-6009 MEDIUM PATCH This Month

Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Shirasagi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-6004 MEDIUM This Month

Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apeosware Management Suite Apeosware Management Suite 2
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6003 MEDIUM This Month

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Amazon Pay
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-5985 MEDIUM This Month

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pr S300Ne Firmware Rt S300Ne Firmware Rv S340Ne Firmware Pr S300Hi Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-5978 MEDIUM This Month

Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Garoon
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10398 MEDIUM PATCH This Month

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Beaker Builder
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-5975 MEDIUM This Month

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-10396 MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dashboard View
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10395 MEDIUM PATCH This Month

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Environment
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5976 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-5977 MEDIUM This Month

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Garoon
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-10400 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10399 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10394 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10393 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10397 LOW PATCH Monitor

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Aqua Security Severless Scanner
NVD
CVSS 3.1
3.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy