Skip to main content
CVE-2019-3010 HIGH POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Solaris
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
13.4%
CVE-2019-13116 CRITICAL POC PATCH Act Now

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Apache Deserialization Mule Runtime
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2019-17662 CRITICAL POC THREAT Act Now

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Thinvnc
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
96.8%
CVE-2019-17626 CRITICAL POC PATCH THREAT Act Now

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Reportlab
NVD
CVSS 3.1
9.8
EPSS
10.2%
CVE-2019-17512 CRITICAL POC Act Now

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 412 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2019-3025 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Oracle Hospitality Res 3700
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
14.5%
CVE-2019-17625 CRITICAL POC MAL Act Now

There is a stored XSS in Rambox 0.6.9 that can lead to code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Node.js XSS Command Injection Rambox
NVD GitHub
CVSS 3.1
9.0
EPSS
3.0%
CVE-2019-17665 HIGH POC This Week

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ghidra
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17624 HIGH POC This Week

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption X Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
3.7%
CVE-2019-15258 MEDIUM POC This Month

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to cause a denial of service condition on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cisco Spa112 Firmware Spa122 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-17627 MEDIUM POC This Month

The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yale Bluetooth Key
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-17611 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17610 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17609 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17608 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17607 MEDIUM POC This Month

HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17660 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-16521 MEDIUM POC This Month

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Broken Link Checker
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-13392 MEDIUM POC This Month

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Natemail
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2019-10458 CRITICAL Act Now

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Puppet Enterprise Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.9%
CVE-2019-16700 CRITICAL PATCH Act Now

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service File Upload RCE Slub Events
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16699 CRITICAL PATCH Act Now

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sr Freecap
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-15260 CRITICAL Act Now

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Aironet 1540 Firmware Aironet 1560 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-2904 CRITICAL PATCH Act Now

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Application Testing Suite Banking Enterprise Collections Banking Enterprise Originations +19
NVD
CVSS 3.1
9.8
EPSS
14.3%
CVE-2019-6334 CRITICAL Act Now

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE Futuresmart 3 Futuresmart 4
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-17578 MEDIUM POC This Month

An issue was discovered in Dolibarr 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-17577 MEDIUM POC This Month

An issue was discovered in Dolibarr 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-17576 MEDIUM POC This Month

An issue was discovered in Dolibarr 10.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-16523 MEDIUM POC This Month

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Events Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2019-16520 MEDIUM POC PATCH This Month

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress All In One Seo Pack
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2019-3020 CRITICAL PATCH Act Now

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
9.3
EPSS
1.5%
CVE-2019-12636 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco CSRF Sf250 24 Firmware Sf250 24P Firmware +106
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-3028 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16522 MEDIUM POC This Month

The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Eu Cookie Law
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-17630 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-17629 MEDIUM POC This Month

CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-10449 HIGH PATCH This Week

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Fortify On Demand
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10448 HIGH This Week

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Extensive Testing
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-10443 HIGH PATCH This Week

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Icescrum
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-10440 HIGH PATCH This Week

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Neoload
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-10437 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Crx Content Package Deployer
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-15261 HIGH This Week

A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet 1810 Firmware Aironet 1830 Firmware Aironet 1850 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-2905 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-3017 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2019-3000 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-2995 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-2994 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-2990 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2019-2942 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.1
8.2
EPSS
1.4%
CVE-2019-2906 HIGH PATCH This Week

Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence Publisher
NVD
CVSS 3.1
8.2
EPSS
1.7%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy