Skip to main content
CVE-2019-5089 HIGH POC This Week

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Able2Extract
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-5088 HIGH POC This Week

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Able2Extract
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-3685 HIGH POC This Week

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2019-17221 HIGH POC This Week

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Phantomjs
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8127 HIGH PATCH This Week

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-8122 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8111 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8110 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8093 HIGH PATCH This Week

An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-17062 HIGH This Week

An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation Eshop
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-8109 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Adobe CSRF Magento
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2019-18631 HIGH PATCH This Week

The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Authentication Service Privilege Elevation Service
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-15966 HIGH This Week

A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Advanced Media Gateway
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2019-8116 HIGH PATCH This Week

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Adobe Magento
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-8112 HIGH PATCH This Week

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Magento
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-10084 HIGH This Week

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Impala
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-1789 HIGH This Week

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Clamav
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12625 HIGH This Week

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-17598 HIGH PATCH This Week

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Play Framework
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-8125 HIGH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-8119 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-8114 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2019-8091 HIGH This Week

A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-16284 HIGH This Week

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE 260 G1 Dm Firmware 280 Pro G1 Firmware 285 G2 Firmware +99
NVD
CVSS 3.1
7.2
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy