Skip to main content
CVE-2019-18624 CRITICAL POC Act Now

Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Mini
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-10749 CRITICAL POC PATCH Act Now

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PostgreSQL Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-10748 CRITICAL POC PATCH Act Now

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-9926 HIGH POC This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Labkey Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-9757 HIGH POC THREAT This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Labkey Server
NVD GitHub
CVSS 3.1
7.5
EPSS
37.3%
CVE-2019-18608 HIGH POC This Week

Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cezerin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-16647 HIGH POC This Week

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Maxthon Browser
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2019-13066 MEDIUM POC This Month

Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Sahi Pro
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-8287 CRITICAL Act Now

TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
19.5%
CVE-2019-18604 CRITICAL PATCH Act Now

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Axohelp C Axodraw2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-15683 CRITICAL PATCH Act Now

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Stack Overflow RCE Turbovnc
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2019-15679 CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-15678 CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2019-10211 CRITICAL Act Now

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection OpenSSL PostgreSQL Microsoft RCE
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-10743 MEDIUM POC PATCH This Month

All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Archiver
NVD GitHub
CVSS 3.1
5.5
EPSS
6.6%
CVE-2019-9758 MEDIUM POC This Month

An issue was discovered in LabKey Server 19.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Labkey Server
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-3976 HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-10208 HIGH This Week

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PostgreSQL
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-4546 HIGH This Week

After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo For Oil And Gas Maximo Health Safety And Environment Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6848 HIGH This Week

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware
NVD
CVSS 3.1
8.6
EPSS
33.0%
CVE-2019-6851 HIGH This Week

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon M340 Firmware Tsxmcpc002M Firmware Tsxmcpc512K Firmware +19
NVD
CVSS 3.1
7.5
EPSS
29.9%
CVE-2019-6850 HIGH This Week

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6849 HIGH This Week

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon Bmenoc 0311 Firmware Modicon Bmenoc 0321 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6845 HIGH This Week

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon M340 Firmware Tsxmcpc002M Firmware Tsxmcpc512K Firmware +19
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-3979 HIGH This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-3978 HIGH POC THREAT This Week

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mikrotik Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.3%
CVE-2019-3977 HIGH This Week

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mikrotik Information Disclosure Routeros
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-18602 HIGH This Week

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-18601 HIGH This Week

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Openafs
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-15681 HIGH PATCH This Week

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +5
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-15680 HIGH This Week

TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tightvnc
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-0210 HIGH PATCH This Week

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Thrift Jboss Enterprise Application Platform +1
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-0205 HIGH PATCH This Week

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Thrift Jboss Enterprise Application Platform Communications Cloud Native Core Network Slice Selection Function
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2019-4339 HIGH PATCH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-4314 HIGH PATCH This Week

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-10210 HIGH This Week

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. Rated high severity (CVSS 7.0). No vendor patch available.

PostgreSQL Microsoft Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2019-6846 MEDIUM This Month

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-18611 MEDIUM PATCH This Month

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Checkuser
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-4306 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-18603 MEDIUM This Month

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2019-4309 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-4307 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in plain in clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18612 MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-4600 MEDIUM This Month

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2019-4311 MEDIUM PATCH This Month

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-6847 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6844 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6843 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6842 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2019-6841 MEDIUM This Month

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Bmxcra Firmware Modicon 140Cra Firmware
NVD
CVSS 3.1
4.9
EPSS
24.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy