Skip to main content
CVE-2019-19687 HIGH POC PATCH This Week

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-19685 HIGH POC This Week

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nopcommerce
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-19684 HIGH POC This Week

nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Nopcommerce
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-19648 HIGH POC This Week

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Denial Of Service Information Disclosure Yara +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-19647 HIGH POC This Week

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Radare2 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-14251 HIGH POC This Week

An issue was discovered in T24 in TEMENOS Channels R15.01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal T24
NVD GitHub
CVSS 3.1
7.5
EPSS
7.8%
CVE-2019-4612 HIGH This Week

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-19603 HIGH PATCH This Week

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Mysql Workbench Sinec Infrastructure Network Services Guacamole +2
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy