Skip to main content
CVE-2019-16913 HIGH POC This Week

PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17232 HIGH POC This Week

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Ultimate Faq
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-16263 HIGH POC This Week

The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Apple Information Disclosure Twitter Kit
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2019-17313 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17312 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17311 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-17308 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17305 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17303 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17302 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17300 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-17298 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17297 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17296 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17295 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17294 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17293 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17319 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17318 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-17316 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15747 HIGH This Week

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sitos Six
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-13120 HIGH This Week

Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Amazon Web Services Freertos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-3745 HIGH This Week

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Encryption Endpoint Security Suite Enterprise
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2019-17314 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-17310 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17309 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17307 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17306 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17304 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17301 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17299 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17292 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2019-17317 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-17315 HIGH This Week

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Prototype Pollution Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-3688 HIGH This Week

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse Linux Enterprise Server
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy