Skip to main content
CVE-2019-19013 HIGH POC This Week

A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pagekit
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-18909 HIGH POC This Week

The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

HP Command Injection Thinpro
NVD
CVSS 3.1
8.0
EPSS
2.2%
CVE-2019-18610 HIGH PATCH This Week

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
8.8
EPSS
29.6%
CVE-2019-3654 HIGH This Week

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Client Proxy
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2019-17446 HIGH This Week

An issue was discovered in Eracent EPA Agent through 10.2.26. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epa Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-18976 HIGH This Week

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.7%
CVE-2019-13157 HIGH This Week

nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vaccine
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-3427 HIGH This Week

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Zte RCE Zxcdn Iamweb Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy