Skip to main content
CVE-2019-5029 CRITICAL POC THREAT Act Now

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exhibitor
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.1%
CVE-2019-18952 CRITICAL POC THREAT Act Now

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Xfilesharing
NVD GitHub
CVSS 3.1
9.8
EPSS
45.4%
CVE-2019-16948 CRITICAL POC Act Now

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Web Chat
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-18839 CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Command Injection Fudforum
NVD GitHub
CVSS 3.1
9.0
EPSS
5.4%
CVE-2019-18884 HIGH POC This Week

index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Rise Ultimate Project Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-18931 HIGH POC This Week

Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow My Cloud Ex2 Ultra Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-18930 HIGH POC This Week

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption My Cloud Ex2 Ultra Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-18929 HIGH POC This Week

Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption My Cloud Ex2 Ultra Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-15948 HIGH POC This Week

Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Cc256Xc Bt Sp Firmware Cc256Xb Bt Sp Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-18951 HIGH POC THREAT This Week

SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Xfilesharing
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
19.8%
CVE-2019-16949 MEDIUM POC This Month

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web Chat
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-18923 MEDIUM POC This Month

Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Go Camo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-18883 MEDIUM POC This Month

XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lavalite
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-18793 MEDIUM POC This Month

Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Parallels Plesk Panel
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16950 MEDIUM POC This Month

An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Chat
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18240 CRITICAL Act Now

In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE V Server
NVD
CVSS 3.1
9.8
EPSS
14.0%
CVE-2019-2205 CRITICAL Act Now

In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Google +2
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-2204 CRITICAL Act Now

In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-2036 CRITICAL Act Now

In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-17524 MEDIUM POC This Month

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tc7300 B0 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-17523 MEDIUM POC This Month

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tc7300 B0 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16951 MEDIUM POC This Month

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Web Chat
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-3660 HIGH This Week

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-3651 HIGH This Week

Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD prior to 4.8 allows remote authenticated attackers to gain access to ePO as an administrator via using the atduser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Advanced Threat Defense
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-0389 HIGH This Week

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver Application Server Java
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-2206 HIGH This Week

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-18279 HIGH This Week

In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Securecore Technology
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-5233 HIGH This Week

Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Taurus Al00B Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-18837 HIGH This Week

An issue was discovered in crun before 0.10.5. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crun Fedora
NVD GitHub
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-2210 HIGH This Week

In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2214 HIGH This Week

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-2207 HIGH This Week

In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2203 HIGH This Week

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2202 HIGH This Week

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2201 HIGH This Week

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-2195 HIGH This Week

In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2193 HIGH This Week

In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-2192 HIGH This Week

In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2019-5288 HIGH This Week

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE P30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5287 HIGH This Week

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE P30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5282 HIGH This Week

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Emily Al00A Firmware Emily Tl00B Firmware Emily L09C Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-18397 HIGH PATCH This Week

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow RCE Fribidi Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2019-18844 HIGH PATCH This Week

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Acrn
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-2211 HIGH This Week

In createProjectionMapForQuery of TvProvider.java, there is possible SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2208 HIGH This Week

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-5294 HIGH This Week

There is an out of bound read vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Buffer Overflow Information Disclosure Ar120 S Firmware Ar1200 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-5289 HIGH This Week

Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Manageone
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-2213 HIGH This Week

In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Google Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2019-0396 HIGH This Week

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2019-2233 MEDIUM This Month

In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy