Skip to main content
CVE-2019-11660 HIGH POC Act Now

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Protector
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
7.8%
CVE-2019-5485 CRITICAL POC THREAT MAL Act Now

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Gitlabhook
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
59.8%
CVE-2019-13364 CRITICAL POC Act Now

admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Piwigo
NVD GitHub
CVSS 3.1
9.6
EPSS
1.4%
CVE-2019-13363 CRITICAL POC Act Now

admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content,. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Piwigo
NVD GitHub
CVSS 3.1
9.6
EPSS
1.4%
CVE-2019-16293 HIGH POC This Week

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-16277 HIGH POC This Week

PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Picoc
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5484 HIGH POC PATCH This Week

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bower
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-12922 MEDIUM POC PATCH THREAT This Month

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Phpmyadmin Fedora
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
10.2%
CVE-2019-12517 MEDIUM POC This Month

An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Slickquiz
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-13918 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13548 CRITICAL PATCH Act Now

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Stack Overflow RCE Control For Beaglebone Control For Empc A Imx6 +11
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-13923 CRITICAL Act Now

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ie Wsn Pa Link Wirelesshart Gateway Firmware
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2019-16289 MEDIUM POC This Month

The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woody Ad Snippets
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-12516 HIGH This Week

The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress PHP Slickquiz
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-15031 MEDIUM POC PATCH This Month

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.6%
CVE-2019-15030 MEDIUM POC PATCH This Month

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Ubuntu Linux Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-13532 HIGH PATCH This Week

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Linux +9
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-10937 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Simatic Tdc Cp51M1 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-16288 HIGH This Week

On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tenda N301 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-5315 HIGH This Week

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2019-3646 MEDIUM This Month

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Total Protection
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-5314 MEDIUM This Month

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-13920 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2019-13919 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-13922 LOW PATCH Monitor

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
2.7
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy