Skip to main content
CVE-2019-19683 CRITICAL POC Act Now

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nopcommerce
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2019-19687 HIGH POC PATCH This Week

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-19685 HIGH POC This Week

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nopcommerce
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-19684 HIGH POC This Week

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Nopcommerce
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-19648 HIGH POC This Week

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Denial Of Service Information Disclosure Yara +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-19647 HIGH POC This Week

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Radare2 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-14251 HIGH POC This Week

An issue was discovered in T24 in TEMENOS Channels R15.01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal T24
NVD GitHub
CVSS 3.1
7.5
EPSS
7.8%
CVE-2019-4621 CRITICAL Act Now

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-19230 CRITICAL PATCH Act Now

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Nolio
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2019-19646 CRITICAL PATCH Act Now

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sqlite Sinec Infrastructure Network Services Tenable Sc Mysql Workbench +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-18190 CRITICAL Act Now

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Trend Micro RCE Antivirus Security 2020 +3
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-19679 MEDIUM POC This Month

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Xray Test Mangaement
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-19678 MEDIUM POC This Month

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Xray Test Mangaement
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4612 HIGH This Week

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-19682 MEDIUM POC This Month

nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19603 HIGH PATCH This Week

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Mysql Workbench Sinec Infrastructure Network Services Guacamole +2
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2019-18380 MEDIUM This Month

Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Industrial Control System Protection
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-19645 MEDIUM PATCH This Month

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Cloud Backup Ontap Select Deploy Administration Utility Mysql Workbench +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-4611 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4428 MEDIUM PATCH This Month

IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Watson Assistant For Ibm Cloud Pak For Data
NVD
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy