Skip to main content
CVE-2019-1322 HIGH POC KEV PATCH THREAT Act Now

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1803 Windows 10 1809 Windows 10 1903 +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
19.2%
CVE-2019-17495 CRITICAL POC PATCH Act Now

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Swagger Ui Banking Apis Banking Digital Experience Banking Platform +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2019-11526 CRITICAL POC Act Now

An issue was discovered in Softing uaGate SI 1.60.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Uagate Si Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-17455 CRITICAL POC Act Now

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libntlm Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-17429 CRITICAL POC Act Now

Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Adhouma Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-17490 HIGH POC This Week

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jiangnan Online Judge
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15051 HIGH POC This Week

An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Uagate Si Firmware Uagate Mb Firmware Uagate 840D Firmware
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-11527 HIGH POC This Week

An issue was discovered in Softing uaGate SI 1.60.01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Uagate Si Firmware
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2019-17431 HIGH POC This Week

An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Fastadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-1364 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.7%
CVE-2019-11528 HIGH POC This Week

An issue was discovered in Softing uaGate SI 1.60.01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uagate Si Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-17419 HIGH POC This Week

An issue was discovered in MetInfo 7.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Metinfo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2019-17418 HIGH POC THREAT This Week

An issue was discovered in MetInfo 7.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Metinfo
NVD GitHub
CVSS 3.1
7.2
EPSS
49.3%
CVE-2019-17454 MEDIUM POC This Month

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTag in Core/Ap4Descriptor.h, related to AP4_StsdAtom::GetSampleDescription in Core/Ap4StsdAtom.cpp, as demonstrated by mp4info. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-17453 MEDIUM POC This Month

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::WriteFields in Core/Ap4IodsAtom.cpp, as demonstrated by mp4encrypt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-17452 MEDIUM POC This Month

Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListInspector::Action in Core/Ap4Descriptor.h, related to AP4_IodsAtom::InspectFields in Core/Ap4IodsAtom.cpp, as demonstrated by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-17451 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2019-17450 MEDIUM POC This Month

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-1347 MEDIUM POC PATCH THREAT This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure Windows 10 +5
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
14.0%
CVE-2019-1346 MEDIUM POC PATCH THREAT This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Microsoft Information Disclosure Windows 10 +7
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
10.2%
CVE-2019-1343 MEDIUM POC PATCH THREAT This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
10.2%
CVE-2019-17432 MEDIUM POC This Month

An issue was discovered in fastadmin 1.0.0.20190705_beta. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Fastadmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-17494 MEDIUM POC This Month

laravel-bjyblog 6.1.1 has XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laravel Bjyblog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17493 MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-17491 MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-17489 MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-17488 MEDIUM POC This Month

b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-1372 CRITICAL PATCH Act Now

An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Azure App Service On Azure Stack
NVD
CVSS 3.1
10.0
EPSS
17.8%
CVE-2019-1365 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
4.1%
CVE-2019-9533 CRITICAL Act Now

The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Explorer 710 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-9531 CRITICAL Act Now

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Explorer 710 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-17320 CRITICAL Act Now

NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Xftp
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-17072 CRITICAL Act Now

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Contact Form Widget
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-1345 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Information Disclosure Windows 10 Windows Server 2016 +1
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
2.8%
CVE-2019-1344 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Information Disclosure Windows 10 Windows 7 +6
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
2.9%
CVE-2019-17434 MEDIUM POC This Month

LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lavalite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-17426 CRITICAL PATCH Act Now

Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%
CVE-2019-17386 HIGH PATCH This Week

The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Animate It
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-5527 HIGH This Week

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free VMware Information Disclosure Memory Corruption Horizon +4
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2019-1333 HIGH PATCH This Week

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
14.9%
CVE-2019-1331 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Office Office 365 Proplus +2
NVD
CVSS 3.1
8.8
EPSS
17.9%
CVE-2019-1327 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Office 365 Proplus
NVD
CVSS 3.1
8.8
EPSS
12.6%
CVE-2019-1060 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Microsoft RCE Windows 10 Windows 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
12.9%
CVE-2019-17433 MEDIUM POC This Month

z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laravel Admin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-17417 MEDIUM POC This Month

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pbootcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-9534 HIGH This Week

The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Explorer 710 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-9532 HIGH This Week

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Explorer 710 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-1378 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Microsoft RCE Windows 10 Update Assistant
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-1362 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-1359 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
18.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy