Skip to main content
CVE-2019-16377 CRITICAL POC PATCH Act Now

The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure HashiCorp Consul
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-16722 CRITICAL POC Act Now

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Zzzphp
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-16702 CRITICAL POC THREAT Act Now

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integard Pro
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.7%
CVE-2019-16705 CRITICAL POC Act Now

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libming
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%
CVE-2019-16706 HIGH POC This Week

kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Kkcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-10754 HIGH POC PATCH This Week

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apache Central Authentication Service
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2019-13063 HIGH POC THREAT This Week

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sahi Pro
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
27.2%
CVE-2019-16720 HIGH POC This Week

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-16721 MEDIUM POC This Month

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Nonecms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16719 MEDIUM POC This Month

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Wtcms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16713 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16712 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-16711 MEDIUM POC This Month

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16710 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16709 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Backports Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-16708 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16707 MEDIUM POC This Month

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hunspell Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-16703 MEDIUM POC This Month

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-3416 CRITICAL Act Now

All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-16704 MEDIUM POC This Month

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16518 MEDIUM POC This Month

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swell Kit Mod Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-11277 HIGH This Week

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection LDAP Cf Deployment Nfs Volume Release
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-10996 HIGH This Week

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Crimson
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10978 HIGH This Week

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Crimson
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10984 HIGH This Week

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crimson
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-16718 HIGH PATCH This Week

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-1367 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
52.7%
CVE-2019-1255 HIGH PATCH This Week

A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-16714 HIGH PATCH This Week

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Traffix Signaling Delivery Controller
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-10990 MEDIUM This Month

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crimson
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-12407 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10090 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-12404 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10089 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10087 MEDIUM PATCH This Month

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2019-10755 MEDIUM PATCH This Month

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Apache Pac4J
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2019-15635 MEDIUM This Month

An issue was discovered in Grafana 5.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2019-16723 MEDIUM PATCH This Month

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Cacti
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy