Skip to main content
CVE-2019-19634 CRITICAL POC Act Now

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Verot K2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.2%
CVE-2019-18956 CRITICAL POC Act Now

Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Dv2Eemvc Proxia Phr +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.8%
CVE-2019-19847 HIGH POC This Week

Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libspiro
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2019-18832 HIGH POC This Week

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Button R9861500D01 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2019-18670 HIGH POC PATCH This Week

In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Quick Access
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-18829 HIGH POC This Week

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Button R9861500D01 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-19816 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel Ubuntu Linux +11
NVD GitHub
CVSS 3.1
7.8
EPSS
3.3%
CVE-2019-19814 HIGH POC This Week

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
3.3%
CVE-2019-7481 HIGH POC KEV THREAT This Week

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
7.5
EPSS
99.9%
CVE-2019-3995 HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
28.5%
CVE-2019-3994 HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-3993 HIGH POC THREAT This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
45.7%
CVE-2019-3992 HIGH POC This Week

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-19264 HIGH POC This Week

In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Recordfusion
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-18825 HIGH POC This Week

Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Cs 100 Huddle Firmware Clickshare Cse 200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2019-19315 HIGH POC This Week

NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Licensing Service
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-18824 MEDIUM POC This Month

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Button R9861500D01 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2019-3996 MEDIUM POC This Month

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elog Fedora
NVD
CVSS 3.1
6.5
EPSS
5.9%
CVE-2019-15235 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-14782 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-18833 MEDIUM POC This Month

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Clickshare Button R9861500D01 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2019-18257 CRITICAL Act Now

In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Diaganywhere
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-19815 MEDIUM POC PATCH This Month

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
2.1%
CVE-2019-19813 MEDIUM POC This Month

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +12
NVD GitHub
CVSS 3.1
5.5
EPSS
2.1%
CVE-2019-19497 MEDIUM POC This Month

MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mdaemon Email Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-11657 HIGH This Week

Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Arcsight Logger
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-0384 HIGH This Week

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Enterprise Extension Financial Services Treasury And Risk Management S4Core
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-0383 HIGH This Week

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Enterprise Extension Financial Services Treasury And Risk Management S4Core
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-19849 HIGH PATCH This Week

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Typo3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-19745 HIGH PATCH This Week

Contao 4.0 through 4.8.5 allows PHP local file inclusion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Contao
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-16575 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF Alauda Kubernetes Support
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-16573 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Alauda Devops Pipeline
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16570 HIGH This Week

A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rapiddeploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16565 HIGH This Week

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Team Concert
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16560 HIGH This Week

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins CSRF Websphere Deployer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16553 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Build Failure Analyzer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16551 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Gerrit Trigger
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-16550 HIGH PATCH This Week

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Maven
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16558 HIGH PATCH This Week

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2019-16549 HIGH PATCH This Week

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Jenkins Maven
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-17334 HIGH This Week

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Spotfire Analyst Spotfire Analytics Platform For Aws Spotfire Deployment Kit Spotfire Desktop +1
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2019-19241 HIGH POC PATCH This Week

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Linux Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-19675 HIGH This Week

In Ivanti Workspace Control before 10.3.180.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19850 HIGH PATCH This Week

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Typo3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-19848 HIGH PATCH This Week

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Typo3
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-16561 HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Websphere Deployer
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2019-17336 MEDIUM This Month

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-17335 MEDIUM This Month

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-16576 MEDIUM This Month

A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Alauda Kubernetes Support
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-16574 MEDIUM This Month

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Alauda Devops Pipeline
NVD
CVSS 3.1
6.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy