Skip to main content
CVE-2019-5151 CRITICAL POC Act Now

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service RCE Youphptube
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-5030 HIGH POC This Week

A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Microsoft RCE Rainbow Pdf Office Server Document Converter
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-5150 HIGH POC This Week

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Denial Of Service RCE Youphptube
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2019-5043 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nest Cam Iq Indoor Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-5010 HIGH POC THREAT This Week

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Python Leap Debian Linux +4
NVD
CVSS 3.1
7.5
EPSS
21.4%
CVE-2019-5049 CRITICAL Act Now

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Amd Memory Corruption Radeon Rx 550 Firmware +2
NVD
CVSS 3.1
10.0
EPSS
2.0%
CVE-2019-5023 MEDIUM POC This Month

An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Grsecurity Pax
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-18644 MEDIUM POC This Month

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-18226 CRITICAL Act Now

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure H2W2Pc1M Firmware H2W2Per3 Firmware H2W4Per3 Firmware +61
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-13551 CRITICAL Act Now

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wise Paas Rmm
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-13547 CRITICAL Act Now

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wise Paas Rmm
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-13508 CRITICAL Act Now

FreeTDS through 1.1.11 has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Freetds Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-18465 CRITICAL Act Now

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-18464 CRITICAL PATCH Act Now

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass SQLi Microsoft Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-18364 CRITICAL Act Now

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-18425 CRITICAL PATCH Act Now

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18645 MEDIUM POC This Month

The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-16907 MEDIUM POC This Month

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian In App Desktop Notifications
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-14356 MEDIUM POC PATCH This Month

On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Coldcard Mk1 Firmware Coldcard Mk2 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-18423 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-18422 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-16295 MEDIUM POC This Month

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-5095 MEDIUM POC This Month

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Information Disclosure Tempo
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-3421 HIGH This Week

The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte Command Injection Zx297520V3 Firmware
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2019-16675 HIGH This Week

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Information Disclosure Config +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2019-12612 HIGH This Week

An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Box Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-18230 HIGH This Week

Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Honeywell H4D8Pr1 Firmware Hfd5Pr1 Firmware Hpw2P1 Firmware +45
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-18228 HIGH This Week

Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Denial Of Service H2W2Pc1M Firmware H2W2Per3 Firmware H2W4Per3 Firmware +22
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-18227 HIGH This Week

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Wise Paas Rmm
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-16906 HIGH This Week

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian In App Desktop Notifications
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-18421 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Race Condition Privilege Escalation Xen Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-18368 HIGH This Week

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Toolbox
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2019-18396 HIGH POC THREAT This Week

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Td5130V2 Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
16.2%
CVE-2019-15710 HIGH This Week

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortiextender Firmware
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-18424 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Xen Debian Linux Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-18229 MEDIUM This Month

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wise Paas Rmm
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2019-18420 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-18656 MEDIUM PATCH This Month

Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-17551 MEDIUM This Month

In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wholesale Floorplanning Finance
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-3419 MEDIUM This Month

A security vulnerability exists in a management port in the version of ZTE's ZXMP M721V3.10P01B10_M2NCP. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte Denial Of Service Zxmp M721 Dx Firmware
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2019-18657 MEDIUM PATCH This Month

ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Clickhouse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-18369 MEDIUM This Month

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18367 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-18366 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18363 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18362 MEDIUM This Month

JetBrains MPS before 2019.2.2 exposed listening ports to the network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mps
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-18361 MEDIUM This Month

JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-18360 MEDIUM This Month

In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-16251 MEDIUM This Month

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Yith Woocommerce Wishlist Yith Woocommerce Compare +36
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-18365 MEDIUM This Month

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy