Skip to main content
CVE-2019-14678 CRITICAL POC Act Now

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service SSRF Xml Mapper Base Sas
NVD GitHub
CVSS 3.1
10.0
EPSS
3.0%
CVE-2019-15800 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware +7
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-18939 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hm Print Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
40.8%
CVE-2019-18938 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Hm Email Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-18937 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Scriptparser Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-15803 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-15799 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-18895 HIGH POC This Week

Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Scanguard Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-18980 HIGH POC This Week

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Taolight Smart Wi Fi Wiz Connected Led Bulb 9290022656 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2019-15804 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-15801 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-18651 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Infinias Access Control Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-18957 MEDIUM POC This Month

Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microstrategy Library
NVD
CVSS 3.1
6.1
EPSS
4.5%
CVE-2019-15802 MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-11171 CRITICAL Act Now

Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +2
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-8248 CRITICAL Act Now

Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Illustrator Cc
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-8247 CRITICAL Act Now

Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Illustrator Cc
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-8246 CRITICAL Act Now

Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Media Encoder
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-18885 MEDIUM POC PATCH This Month

fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-18954 MEDIUM POC PATCH This Month

Pomelo v2.2.5 allows external control of critical state data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pomelo
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-11168 CRITICAL Act Now

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-0140 HIGH PATCH This Week

Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation Buffer Overflow Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-11152 HIGH This Week

Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Privilege Escalation Buffer Overflow Intel +14
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-3661 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Advanced Threat Defense
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-0142 HIGH PATCH This Week

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Privilege Escalation Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware Ethernet Controller Xxv710 Am2 Firmware +4
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2019-11137 HIGH This Week

Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Information Disclosure Xeon Platinum 8253 Firmware +283
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2019-16110 HIGH This Week

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Shadow
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-15389 HIGH This Week

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Haier A6 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-15388 HIGH This Week

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Google RCE Mega 5 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-15344 HIGH This Week

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Camon Iclick Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-11178 HIGH This Week

Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Intel Information Disclosure Baseboard Management Controller Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-11931 HIGH This Week

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Stack Overflow Apple Whatsapp +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-11111 HIGH This Week

Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Privilege Escalation Denial Of Service Intel Graphics Driver +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-0124 HIGH This Week

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Core I7 6970Hq Firmware Core I7 6920Hq Firmware Core I7 6870Hq Firmware +143
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0123 HIGH This Week

Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Core I7 6970Hq Firmware Core I7 6920Hq Firmware Core I7 6870Hq Firmware +143
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-11112 HIGH This Week

Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Memory Corruption Graphics Driver +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-0155 HIGH This Week

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Intel Enterprise Linux Server Aus Enterprise Linux Server Eus +352
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-0145 HIGH PATCH This Week

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation Buffer Overflow Intel Ethernet Controller X710 Tm4 Firmware Ethernet Controller X710 At2 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15465 HIGH This Week

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15464 HIGH This Week

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Pro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15463 HIGH This Week

The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Prime Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15462 HIGH This Week

The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Duo Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15461 HIGH This Week

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Neo Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15460 HIGH This Week

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Neo Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15459 HIGH This Week

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Neo Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15458 HIGH This Week

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J7 Neo Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15457 HIGH This Week

The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J6 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15456 HIGH This Week

The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J6 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15455 HIGH This Week

The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15454 HIGH This Week

The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Galaxy J4 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy