Skip to main content
CVE-2019-13025 CRITICAL POC Act Now

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ch7465Lg Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-5031 HIGH POC This Week

An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2019-17080 HIGH POC This Week

mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Mintinstall
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
8.2%
CVE-2019-13343 HIGH POC PATCH This Week

Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Portal
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-17091 MEDIUM POC PATCH This Month

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Java Mojarra Mojarra Javaserver Faces Application Testing Suite +20
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-13957 CRITICAL Act Now

In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Umbraco
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-12736 CRITICAL Act Now

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ktor
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-12630 CRITICAL Act Now

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
65.8%
CVE-2019-12157 CRITICAL Act Now

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity Upsource
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-11929 CRITICAL PATCH Act Now

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution.30.10, all versions between 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-10212 CRITICAL PATCH Act Now

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Undertow Jboss Data Grid Jboss Enterprise Application Platform Jboss Fuse +3
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-13658 CRITICAL Act Now

CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Network Flow Analysis
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-14454 CRITICAL Act Now

SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13335 CRITICAL Act Now

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Suitecrm
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-15040 HIGH This Week

JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtrack
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-12689 HIGH This Week

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-12688 HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-12687 HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-12686 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12685 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12684 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12683 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12682 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12681 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12680 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12679 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-12675 HIGH This Week

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Firepower 9300 Firmware Firepower 4115 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-15256 HIGH This Week

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Cisco Adaptive Security Appliance Software Firepower Threat Defense +11
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-16116 MEDIUM POC This Month

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Completeftp Server
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
3.7%
CVE-2019-12674 HIGH This Week

Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Firepower 9300 Firmware Firepower 4115 Firmware +6
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2019-4538 HIGH PATCH This Week

IBM Security Directory Server 6.4.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Security Directory Server
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2019-12699 HIGH This Week

Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower 9300 Firmware Firepower Threat Defense Firepower Extensible Operating System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-14958 HIGH This Week

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pycharm
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-12706 HIGH This Week

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-12698 HIGH This Week

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12697 HIGH This Week

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12696 HIGH This Week

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12678 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12673 HIGH This Week

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-8462 HIGH This Week

In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Checkpoint Security Gateway
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-4520 HIGH PATCH This Week

IBM Security Directory Server 6.4.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Directory Server
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-12676 HIGH This Week

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-16407 HIGH This Week

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Resharper
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2019-15036 HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-12690 HIGH This Week

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2019-4539 HIGH PATCH This Week

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Directory Server
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2019-12694 MEDIUM This Month

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-1915 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager Unity Connection Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-15272 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-12714 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Ic3000 Industrial Compute Gateway Firmware
NVD
CVSS 3.1
6.5
EPSS
1.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy