Skip to main content
CVE-2019-17266 CRITICAL POC Act Now

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsoup Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-17240 CRITICAL POC THREAT Act Now

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Bludit
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
39.6%
CVE-2019-17214 HIGH POC This Week

The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Webarx
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-17213 MEDIUM POC This Month

The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Webarx
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-17216 CRITICAL Act Now

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Combi Stream Mslq Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-17215 CRITICAL Act Now

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Combi Stream Mslq Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-17225 MEDIUM POC This Month

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.9%
CVE-2019-17218 CRITICAL Act Now

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Combi Stream Mslq Firmware
NVD VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2019-17226 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-17219 HIGH This Week

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Combi Stream Mslq Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-17217 HIGH This Week

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Combi Stream Mslq Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-17264 LOW POC PATCH Monitor

In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Liblnk
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-17263 LOW POC PATCH Monitor

In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libfwsi
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy