Skip to main content
CVE-2019-18213 HIGH POC PATCH This Week

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE SSRF Red Hat Xml Server Project Wild Web Developer +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-18280 HIGH POC This Week

Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF Online Grading System
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-17093 HIGH POC This Week

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Antivirus Anti Virus
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-18278 HIGH POC This Week

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Vlc Media Player
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18385 HIGH POC This Week

An issue was discovered on TerraMaster FS-210 4.0.19 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fs 210 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-18382 HIGH POC This Week

An issue was discovered on AVStar PE204 3.10.70 IP camera devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pe204 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-18371 HIGH POC THREAT This Week

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nginx Millet Router 3G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
55.9%
CVE-2019-18277 HIGH POC THREAT This Week

A flaw was found in HAProxy before 2.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Haproxy
NVD
CVSS 3.1
7.5
EPSS
10.0%
CVE-2019-11283 HIGH This Week

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment Cloud Foundry Smb Volume
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-18220 HIGH This Week

Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sitemagic
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-10471 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Libvirt Slaves
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10468 HIGH This Week

A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF Kubernetes Ci
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10464 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Oracle CSRF Deploy Weblogic
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-10466 HIGH This Week

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins 360 Fireline
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-10462 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Dynatrace Application Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-10476 HIGH PATCH This Week

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zulip
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10461 HIGH PATCH This Week

Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dynatrace Application Monitoring
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10460 HIGH PATCH This Week

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Bitbucket Oauth
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-8238 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-18383 HIGH This Week

An issue was discovered on TerraMaster FS-210 4.0.19 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fs 210 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy