Skip to main content
CVE-2019-16894 CRITICAL POC Act Now

download.php in inoERP 4.15 allows SQL injection through insecure deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deserialization PHP Inoerp
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-16667 HIGH POC THREAT This Week

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pfsense
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
54.5%
CVE-2019-16869 HIGH POC PATCH This Week

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Netty Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
8.4%
CVE-2019-12562 MEDIUM POC PATCH This Month

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dotnetnuke
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.2%
CVE-2019-16532 MEDIUM POC This Month

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Yzmcms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-10092 MEDIUM POC PATCH THREAT This Month

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Http Server Leap Debian Linux +7
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
81.5%
CVE-2019-16915 CRITICAL PATCH Act Now

An issue was discovered in pfSense through 2.4.4-p3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Pfsense
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-16755 CRITICAL Act Now

BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Myit Digital Workplace
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16904 MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16738 MEDIUM POC PATCH This Month

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Authentication Bypass Mediawiki Fedora Debian Linux
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-16903 MEDIUM POC This Month

Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Platinum
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-10082 CRITICAL PATCH Act Now

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Apache Memory Corruption Http Server +4
NVD
CVSS 3.1
9.1
EPSS
16.5%
CVE-2019-11279 HIGH This Week

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Uaa Release
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-11278 HIGH This Week

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection User Account And Authentication
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-16524 MEDIUM POC This Month

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Fancybox
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-12091 HIGH This Week

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netskope
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-10882 HIGH This Week

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Netskope
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-15862 HIGH This Week

An issue was discovered in CKFinder through 2.6.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ckfinder
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6175 HIGH PATCH This Week

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lenovo System Update
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6161 HIGH This Week

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation Cp Storage Block Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-0203 HIGH PATCH This Week

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Apache Subversion
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-14844 HIGH PATCH This Week

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kerberos 5 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-16901 HIGH This Week

Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16900 HIGH This Week

Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16899 HIGH This Week

In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Hmi Designer
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-10097 HIGH This Week

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Apache Buffer Overflow Http Server +6
NVD
CVSS 3.1
7.2
EPSS
52.9%
CVE-2019-4378 MEDIUM This Month

IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable to a denial of service attack caused by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-16914 MEDIUM PATCH This Month

An XSS issue was discovered in pfSense through 2.4.4-p3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Pfsense
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-16910 MEDIUM PATCH This Month

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mbed Crypto Mbed Tls Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-14272 MEDIUM PATCH This Month

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Silverstripe
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-15891 MEDIUM This Month

An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ckfinder
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-16409 MEDIUM PATCH This Month

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverstripe Versionedfiles
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-13523 MEDIUM This Month

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Hbd3Pr2 Firmware H4D3Prv3 Firmware Hed3Pr3 Firmware +56
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-4262 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-14273 MEDIUM PATCH This Month

In SilverStripe assets 4.0, there is broken access control on files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Silverstripe
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-12617 LOW PATCH Monitor

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Silverstripe
NVD
CVSS 3.1
2.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy