Skip to main content
CVE-2019-16913 HIGH POC This Week

PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17232 HIGH POC This Week

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Ultimate Faq
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-16263 HIGH POC This Week

The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Apple Information Disclosure Twitter Kit
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2019-17233 MEDIUM POC This Month

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Ultimate Faq
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-17042 CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-17041 CRITICAL PATCH Act Now

An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Rsyslog Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-12812 CRITICAL Act Now

MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Mybuilder
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-12811 CRITICAL Act Now

ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Mybuilder
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-15751 CRITICAL Act Now

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE Sitos Six
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-15748 CRITICAL Act Now

SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sitos Six
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-15746 CRITICAL Act Now

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Sitos Six
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-17269 CRITICAL Act Now

Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Remote Access
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-17267 CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Active Iq Unified Manager Oncommand Api Services Oncommand Workflow Automation +8
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-17313 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17312 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17311 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17308 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17305 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17303 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17302 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17300 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17298 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17297 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17296 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17295 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17294 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17293 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17319 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17318 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17316 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15747 HIGH This Week

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sitos Six
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-13120 HIGH This Week

Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Amazon Web Services Freertos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-3745 HIGH This Week

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2019-17314 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-17310 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17309 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17307 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17306 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17304 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17301 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17299 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17292 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2019-17317 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17315 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-3688 HIGH This Week

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse Linux Enterprise Server
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-15894 MEDIUM This Month

An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Esp Idf
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-15749 MEDIUM This Month

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sitos Six
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-17239 MEDIUM This Month

includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Download Plugins And Themes From Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-15750 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sitos Six
NVD
CVSS 3.1
6.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy