Skip to main content
CVE-2019-18800 HIGH POC This Week

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Viber
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-5125 HIGH POC This Week

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-5100 HIGH POC This Week

An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-5099 HIGH POC This Week

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-5084 HIGH POC This Week

An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-6120 HIGH POC This Week

An issue was discovered in NiceHash Miner before 2.0.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Miner
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-18411 HIGH This Week

Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-13079 HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13078 HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13076 HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-18650 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-8159 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-8154 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8150 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8137 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8134 HIGH PATCH This Week

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-8130 HIGH PATCH This Week

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Adobe Magento
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-10529 HIGH POC PATCH This Week

Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +39
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-2246 HIGH This Week

Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Mdm9205 Firmware Mdm9640 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10524 HIGH PATCH This Week

Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Qualcomm Memory Corruption Mdm9150 Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10512 HIGH PATCH This Week

Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +45
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10502 HIGH PATCH This Week

Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Msm8909W Firmware Qcs405 Firmware Qcs605 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10496 HIGH This Week

Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Msm8909W Firmware Msm8996au Firmware Qcs605 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10491 HIGH PATCH This Week

ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Ipq4019 Firmware Ipq8064 Firmware Ipq8074 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-10488 HIGH This Week

Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qualcomm Mdm9150 Firmware Mdm9206 Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-8155 HIGH This Week

Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe CSRF Magento
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-10495 HIGH This Week

Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Msm8909W Firmware Msm8996au Firmware +34
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2019-8156 HIGH PATCH This Week

A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SSRF Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-8231 HIGH PATCH This Week

In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-8230 HIGH PATCH This Week

In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-8229 HIGH This Week

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-8151 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

RCE SSRF Adobe Magento
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2019-8141 HIGH PATCH This Week

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Adobe Deserialization Magento
NVD
CVSS 3.1
7.2
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy