Skip to main content
CVE-2019-11660 HIGH POC Act Now

Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Protector
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
7.8%
CVE-2019-16293 HIGH POC This Week

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-16277 HIGH POC This Week

PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Picoc
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5484 HIGH POC PATCH This Week

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bower
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-12516 HIGH This Week

The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress PHP Slickquiz
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-13532 HIGH PATCH This Week

CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Control For Linux +9
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-10937 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Simatic Tdc Cp51M1 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-16288 HIGH This Week

On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tenda N301 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-5315 HIGH This Week

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy