Skip to main content
CVE-2019-10759 CRITICAL POC PATCH Act Now

safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Safer Eval
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2019-17613 CRITICAL POC Act Now

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE CSRF Qibosoft
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-17395 CRITICAL POC Act Now

In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Rapidgator
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17601 CRITICAL POC Act Now

In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Minishare
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-17398 CRITICAL POC Act Now

In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Dark Horse Comics
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17394 CRITICAL POC Act Now

In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Parent And Family
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17355 CRITICAL POC Act Now

In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Orbitz
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17397 CRITICAL POC Act Now

In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Doordash
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17600 CRITICAL POC Act Now

Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Iwr 1000N Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-17612 HIGH POC This Week

An issue was discovered in 74CMS v5.2.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP 74Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2019-17356 MEDIUM POC This Month

The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Infinite Design
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-10760 CRITICAL PATCH Act Now

safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Safer Eval
NVD
CVSS 3.1
9.9
EPSS
2.9%
CVE-2019-17602 CRITICAL Act Now

An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
81.5%
CVE-2019-17396 CRITICAL PATCH Act Now

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Powerschool Mobile
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-17195 CRITICAL PATCH Act Now

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Nimbus Jose Jwt Hadoop Communications Cloud Native Core Security Edge Protection Proxy +12
NVD
CVSS 3.1
9.8
EPSS
11.0%
CVE-2019-14832 HIGH PATCH This Week

A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Keycloak
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-12944 HIGH This Week

Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Glue Smart Lock Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-17223 MEDIUM PATCH This Month

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
6.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy