Skip to main content
CVE-2019-18417 HIGH POC This Week

Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Restaurant Management System
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-18414 HIGH POC This Week

Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF Restaurant Management System
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-12095 HIGH POC This Week

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Groupware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-18409 HIGH POC This Week

The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ruby Parser Legacy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-17596 HIGH POC PATCH This Week

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Go Debian Linux Fedora Developer Tools +7
NVD GitHub
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-18201 HIGH POC This Week

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lx390 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-5013 HIGH This Week

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Driver
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-5012 HIGH This Week

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Driver
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-6692 HIGH This Week

A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Microsoft RCE Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-18408 HIGH PATCH This Week

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libarchive Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-15703 HIGH This Week

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-11021 HIGH This Week

admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE Cms
NVD VulDB
CVSS 3.1
7.2
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy