Skip to main content
CVE-2019-5042 HIGH POC This Week

An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Aspose Pdf For C
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-16403 HIGH POC PATCH This Week

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bagisto
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-14252 HIGH POC This Week

An issue was discovered in the secure portal in Publisure 2.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Publisure
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-13556 HIGH This Week

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-13552 HIGH This Week

In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webaccess
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2019-9679 HIGH PATCH This Week

Some of Dahua's Debug functions do not have permission separation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Dahua Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-11661 HIGH This Week

Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Service Manager
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2019-5534 HIGH This Week

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.1
7.7
EPSS
1.6%
CVE-2019-5532 HIGH This Week

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server
NVD
CVSS 3.1
7.7
EPSS
1.9%
CVE-2019-9678 HIGH PATCH This Week

Some Dahua products have the problem of denial of service during the login process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dahua Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-14458 HIGH This Week

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Camera
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-15843 HIGH This Week

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Xiaomi Millet Firmware
NVD
CVSS 3.1
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy