Skip to main content
CVE-2019-16644 CRITICAL POC Act Now

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-16642 CRITICAL POC Act Now

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-16531 HIGH POC PATCH This Week

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP CSRF Layerbb
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-16645 HIGH POC This Week

An issue was discovered in Embedthis GoAhead 2.5.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Goahead
NVD GitHub Exploit-DB
CVSS 3.1
8.6
EPSS
8.2%
CVE-2019-14816 HIGH POC PATCH This Week

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +39
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-14814 HIGH POC PATCH This Week

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +34
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-15138 HIGH POC PATCH This Week

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Html Pdf
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-15087 HIGH POC This Week

An issue was discovered in PRiSE adAS 1.7.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Adas
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2019-6145 MEDIUM POC This Month

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Vpn Client
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-14916 MEDIUM POC This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Adas
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-14912 MEDIUM POC This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Adas
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-15088 CRITICAL PATCH Act Now

An issue was discovered in PRiSE adAS 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adas
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-5521 CRITICAL Act Now

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2019-16643 MEDIUM POC This Month

An issue was discovered in ZrLog 2.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zrlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-14913 MEDIUM POC This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adas
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-6650 CRITICAL Act Now

F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-6649 CRITICAL Act Now

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-14914 CRITICAL Act Now

An issue was discovered in PRiSE adAS 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Adas
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2019-11327 MEDIUM POC This Month

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Net G5 Firmware
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2019-11326 HIGH This Week

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Net G5 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-11280 HIGH This Week

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pivotal Application Service
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15089 HIGH This Week

An issue was discovered in PRiSE adAS 1.7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Adas
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-4565 HIGH PATCH This Week

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15085 HIGH This Week

An issue was discovered in PRiSE adAS 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adas
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-16534 MEDIUM This Month

On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2925 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16533 MEDIUM This Month

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2925 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15086 MEDIUM This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adas
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-14915 MEDIUM PATCH This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adas
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-14911 MEDIUM PATCH This Month

An issue was discovered in PRiSE adAS 1.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adas
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-4505 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
5.3
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy