Skip to main content
CVE-2019-16759 CRITICAL POC KEV THREAT Emergency

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Vbulletin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.7%
CVE-2019-16724 CRITICAL POC THREAT Emergency

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE File Sharing Wizard
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
72.2%
CVE-2019-13357 HIGH POC This Week

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Anti Virus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-13356 HIGH POC This Week

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Anti Virus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-13355 HIGH POC This Week

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Anti Virus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5094 HIGH POC This Week

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. Rated high severity (CVSS 7.5). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption E2Fsprogs Debian Linux +4
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-16754 HIGH POC This Week

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-14239 MEDIUM POC This Month

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kinetis Kv1X Firmware Kinetis Kv3X Firmware Kinetis K8X Firmware
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-14238 MEDIUM POC This Month

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Stm32L0 Firmware Stm32L1 Firmware Stm32F4 Firmware Stm32L4 Firmware +2
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-16751 MEDIUM POC PATCH This Month

An issue was discovered in Devise Token Auth through 1.1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Devise Token Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16728 MEDIUM POC PATCH This Month

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Google Dompurify Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-5505 CRITICAL PATCH Act Now

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-5504 CRITICAL PATCH Act Now

ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-16411 CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-16748 CRITICAL Act Now

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-16746 CRITICAL PATCH Act Now

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Debian Linux Ubuntu Linux +2
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2019-16383 CRITICAL POC PATCH Act Now

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Authentication Bypass SQLi Microsoft Moveit Transfer
NVD Exploit-DB
CVSS 3.1
9.4
EPSS
5.2%
CVE-2019-16410 CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2019-15699 CRITICAL Act Now

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2019-13527 HIGH This Week

In Rockwell Automation Arena Simulation Software Cat. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2019-16729 HIGH PATCH This Week

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Pam Python Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-14753 HIGH This Week

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fx0 Gpnt00000 Firmware Fx0 Gent00000 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-3726 MEDIUM This Month

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used. Rated medium severity (CVSS 6.7). No vendor patch available.

Dell RCE Update Package Framework
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-14220 MEDIUM PATCH This Month

An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Apple Google Bluestacks
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-4515 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Security Key Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-16725 MEDIUM PATCH This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-4566 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-13528 MEDIUM This Month

A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000),. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Niagara Ax Niagara4
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2019-12068 LOW PATCH Monitor

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
3.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy