Skip to main content
CVE-2019-17526 CRITICAL POC PATCH Act Now

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Sagemathcell
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-15901 HIGH POC PATCH This Week

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Doas
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-18198 HIGH POC PATCH This Week

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-17393 CRITICAL Act Now

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-15900 CRITICAL PATCH Act Now

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Doas
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-17207 MEDIUM POC This Month

A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Broken Link Checker
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2019-17367 HIGH PATCH This Week

OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Openwrt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-18197 HIGH PATCH This Week

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libxslt Ubuntu Linux +1
NVD VulDB
CVSS 3.1
7.5
EPSS
4.5%
CVE-2019-13545 HIGH This Week

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-13541 HIGH This Week

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-16919 HIGH PATCH This Week

Harbor API has a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Harbor Cloud Foundation Harbor Container Registry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-17513 HIGH PATCH This Week

An issue was discovered in Ratpack before 1.7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ratpack
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-4409 MEDIUM PATCH This Month

HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Traveler
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy