Skip to main content
CVE-2019-5096 CRITICAL POC THREAT Act Now

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Goahead
NVD
CVSS 3.1
9.8
EPSS
67.0%
CVE-2019-19459 CRITICAL POC Act Now

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Proaccess Space
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-16885 CRITICAL POC Act Now

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Okaycms
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-5132 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-5112 HIGH POC This Week

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Formalms
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-5111 HIGH POC This Week

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Formalms
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-5110 HIGH POC This Week

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Formalms
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-5109 HIGH POC This Week

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Formalms
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-5083 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5076 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-19383 HIGH POC This Week

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Freeftpd
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2019-19458 HIGH POC This Week

SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Proaccess Space
NVD
CVSS 3.1
8.6
EPSS
2.8%
CVE-2019-5164 HIGH POC This Week

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE Shadowsocks Libev Backports Sle +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-19382 HIGH POC This Week

Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Anti Virus Plus
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5163 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Shadowsocks Libev Backports Leap
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-5097 HIGH POC THREAT This Week

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Goahead
NVD
CVSS 3.1
7.5
EPSS
45.1%
CVE-2019-13456 MEDIUM POC PATCH This Month

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeradius Enterprise Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-19460 MEDIUM POC This Month

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Proaccess Space
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-19457 MEDIUM POC This Month

SALTO ProAccess SPACE 5.4.3.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Proaccess Space
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-5133 HIGH This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-4130 HIGH PATCH This Week

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Cloud Pak System
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-19543 HIGH PATCH This Week

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-7366 HIGH PATCH This Week

Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-7365 HIGH This Week

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Autodesk Desktop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-9689 HIGH This Week

process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Axtls
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-10013 HIGH This Week

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Axtls
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-19532 MEDIUM PATCH This Month

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Microsoft Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-19531 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-19527 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-3666 MEDIUM This Month

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webadvisor
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-3665 MEDIUM This Month

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Webadvisor
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-19529 MEDIUM PATCH This Month

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2019-19528 MEDIUM PATCH This Month

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-3750 MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-3749 MEDIUM This Month

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Command Update
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18993 MEDIUM PATCH This Month

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

TP-Link XSS Openwrt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-18992 MEDIUM PATCH This Month

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

TP-Link XSS Openwrt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-4468 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4467 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4226 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4098 MEDIUM PATCH This Month

IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Pak System
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-18574 MEDIUM This Month

RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager Authentication Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19536 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Leap
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19535 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19530 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19526 MEDIUM PATCH This Month

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19525 MEDIUM PATCH This Month

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19524 MEDIUM PATCH This Month

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-19523 MEDIUM PATCH This Month

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-3990 MEDIUM PATCH This Month

A User Enumeration flaw exists in Harbor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy