Skip to main content
CVE-2019-16311 HIGH POC This Week

NIUSHOP V1.11 has CSRF via search_info to index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Niushop
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16305 HIGH POC This Week

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mobaxterm
NVD
CVSS 3.1
8.8
EPSS
6.7%
CVE-2019-16294 HIGH POC This Week

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Notepad +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
9.8%
CVE-2019-16313 HIGH POC THREAT This Week

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fr6 Firmware Fr8 Firmware Fr5 Firmware Fr5 E Firmware +1
NVD
CVSS 3.1
7.5
EPSS
47.0%
CVE-2019-16318 HIGH PATCH This Week

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-16317 HIGH PATCH This Week

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy