Skip to main content
CVE-2019-16932 CRITICAL POC THREAT Act Now

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Visualizer
NVD
CVSS 3.1
10.0
EPSS
39.1%
CVE-2019-16999 CRITICAL POC Act Now

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cloudboot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16676 CRITICAL POC PATCH Act Now

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Simple Form
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-17051 HIGH POC This Week

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Evernote
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-16760 HIGH POC PATCH This Week

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rust
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-17049 HIGH POC This Week

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear SQLi Srx5308 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-16995 HIGH POC PATCH This Week

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Leap Aff A700S Firmware +14
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-17046 HIGH POC This Week

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Ilch Cms
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2019-16997 HIGH POC THREAT This Week

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.1
7.2
EPSS
49.4%
CVE-2019-16996 HIGH POC THREAT This Week

In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.1
7.2
EPSS
12.4%
CVE-2019-16414 MEDIUM POC This Month

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kerio Control
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-2294 CRITICAL PATCH Act Now

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Mdm9205 Firmware Mdm9206 Firmware Mdm9607 Firmware +44
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-2252 CRITICAL PATCH Act Now

Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9650 Firmware Msm8909W Firmware Msm8996au Firmware +33
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-10540 CRITICAL Act Now

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq8074 Firmware Msm8996au Firmware Qca6174a Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10539 CRITICAL Act Now

Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Ipq8074 Firmware Mdm9206 Firmware Mdm9607 Firmware +46
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10538 CRITICAL PATCH Act Now

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Msm8909W Firmware Msm8996au Firmware Qcs405 Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10509 CRITICAL PATCH Act Now

Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Information Disclosure Memory Corruption Msm8909W Firmware +31
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-17040 CRITICAL PATCH Act Now

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rsyslog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-16684 MEDIUM POC PATCH This Month

An issue was discovered in the image-manager in Xoops 2.5.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xoops
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-16683 MEDIUM POC PATCH This Month

An issue was discovered in the image-manager in Xoops 2.5.10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xoops
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-17045 MEDIUM POC This Month

Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilch Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16745 HIGH This Week

eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Ebrigade
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16744 HIGH This Week

eBrigade before 5.0 has evenements.php cid SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Ebrigade
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16743 HIGH This Week

eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Ebrigade
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16993 HIGH PATCH This Week

In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF Phpbb Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-16994 MEDIUM POC PATCH This Month

In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Linux Kernel Leap Enterprise Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-10510 HIGH PATCH This Week

BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Qualcomm Qcs405 Firmware Qcs605 Firmware +10
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2019-2341 HIGH PATCH This Week

Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2333 HIGH PATCH This Week

Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9607 Firmware Mdm9650 Firmware +35
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10508 HIGH PATCH This Week

Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10507 HIGH PATCH This Week

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Mdm9150 Firmware Mdm9206 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10506 HIGH PATCH This Week

While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9206 Firmware Mdm9607 Firmware Msm8996au Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10501 HIGH PATCH This Week

Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +37
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10499 HIGH PATCH This Week

Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10498 HIGH This Week

Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Mdm9150 Firmware Mdm9206 Firmware Mdm9607 Firmware +41
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10497 HIGH PATCH This Week

Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9150 Firmware +42
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10492 HIGH PATCH This Week

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 /. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Mdm9607 Firmware Msm8909W Firmware Qualcomm 215 Firmware +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2019-3732 HIGH This Week

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Crypto C Micro Edition Bsafe Micro Edition Suite Rsa Bsafe Crypto C
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3731 HIGH This Week

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Crypto C Micro Edition Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-3730 HIGH This Week

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-3728 HIGH This Week

RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Bsafe Crypto C Bsafe Crypto C Micro Edition Bsafe Micro Edition Suite
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-13124 HIGH PATCH This Week

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Foxit Reader
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-13123 HIGH PATCH This Week

Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Foxit Reader
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16276 HIGH PATCH This Week

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Go Debian Linux Leap +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2019-13466 HIGH PATCH This Week

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Ssd Dashboard
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-10489 HIGH This Week

Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9206 Firmware Mdm9607 Firmware +40
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-16992 HIGH This Week

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Apple Information Disclosure Keybase
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-17050 HIGH This Week

An issue was discovered in the Voyager package through 1.2.7 for Laravel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Voyager
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2019-2284 HIGH PATCH This Week

Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.0).

Race Condition Qualcomm Information Disclosure Msm8909W Firmware Qcs405 Firmware +19
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2019-4304 MEDIUM This Month

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation IBM Websphere Application Server
NVD
CVSS 3.1
6.3
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy