Skip to main content
CVE-2019-9535 CRITICAL POC Act Now

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iterm2
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-17124 CRITICAL POC THREAT Act Now

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Viaware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
22.5%
CVE-2019-15859 CRITICAL POC THREAT Act Now

Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Diris A 40 Firmware
NVD
CVSS 3.1
9.8
EPSS
34.1%
CVE-2019-17382 CRITICAL POC THREAT Act Now

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Authentication Bypass PHP
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
54.1%
CVE-2019-17362 CRITICAL POC PATCH Act Now

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Libtomcrypt Debian Linux
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
3.2%
CVE-2019-13529 HIGH POC This Week

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sunny Webbox Firmware
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-17372 HIGH POC This Week

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Ac1450 Firmware D8500 Firmware Dc112A Firmware +30
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-15719 HIGH POC This Week

Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Pbs Professional
NVD
CVSS 3.1
8.0
EPSS
2.0%
CVE-2019-17365 HIGH POC This Week

Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nix
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5053 HIGH POC This Week

An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Nitropdf
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-5050 HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2019-5048 HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-5047 HIGH POC This Week

An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Nitropdf
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-5046 HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-5045 HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-16905 HIGH POC PATCH This Week

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

SSH Integer Overflow RCE Buffer Overflow Openssh +4
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2019-17414 HIGH POC This Week

tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vino
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-15715 HIGH POC PATCH THREAT This Week

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Mantisbt
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
30.0%
CVE-2019-17370 HIGH POC This Week

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP Otcms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2019-17371 MEDIUM POC This Month

gif2png 2.5.13 has a memory leak in the writefile function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gif2Png
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-17369 MEDIUM POC This Month

OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Otcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-17368 MEDIUM POC This Month

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-17415 CRITICAL Act Now

A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE File Sharing Wizard
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-1584 CRITICAL Act Now

A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Inspector
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-15020 CRITICAL Act Now

A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Inspector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-15019 CRITICAL Act Now

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inspector
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17399 CRITICAL Act Now

The Shack Forms Pro extension before 4.0.32 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Shack Forms Pro
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-17383 CRITICAL PATCH Act Now

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Netaddr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-17373 CRITICAL Act Now

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mbr1515 Firmware Mbr1516 Firmware Dgn2200 Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17354 CRITICAL Act Now

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Nbg 418N V2 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
1.4%
CVE-2019-17366 HIGH This Week

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-15016 HIGH This Week

An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Inspector
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-15014 HIGH This Week

A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Inspector
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-0070 HIGH This Week

An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2019-0062 HIGH This Week

A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Session Fixation Information Disclosure Junos
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-0047 HIGH This Week

A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-17375 HIGH This Week

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-13051 HIGH PATCH This Week

Pi-Hole 4.3 allows Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Pi Hole
NVD GitHub
CVSS 3.1
8.8
EPSS
12.5%
CVE-2019-11341 MEDIUM POC This Month

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-15017 HIGH This Week

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2019-15015 HIGH This Week

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inspector
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2019-17353 HIGH This Week

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
3.0%
CVE-2019-3765 HIGH This Week

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Avamar Server Emc Integrated Data Protection Appliance
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-5700 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Information Disclosure RCE Shield Experience
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-5699 HIGH This Week

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Buffer Overflow RCE +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-0071 HIGH This Week

Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Jwt Attack Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-0061 HIGH This Week

The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0058 HIGH This Week

A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-0057 HIGH This Week

An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-4558 HIGH PATCH This Week

A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection IBM Spectrum Scale
NVD
CVSS 3.1
7.8
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy