Skip to main content
CVE-2019-4716 CRITICAL POC KEV PATCH THREAT Act Now

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection IBM RCE Planning Analytics
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.4%
CVE-2019-8513 HIGH POC Act Now

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Mac Os X
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.9%
CVE-2019-8565 HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure Iphone Os Mac Os X
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
13.5%
CVE-2019-5079 CRITICAL POC Act Now

An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Pfc 200 Firmware Pfc 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-5075 CRITICAL POC Act Now

An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Pfc 200 Firmware Pfc 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-5081 CRITICAL POC Act Now

An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Pfc 200 Firmware Pfc 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-19844 CRITICAL POC PATCH THREAT Act Now

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Django Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
34.8%
CVE-2019-5486 HIGH POC This Week

A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-15589 HIGH POC This Week

An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-19832 HIGH POC This Week

Xerox AltaLink C8035 printers allow CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Altalink C8035 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-19882 HIGH POC PATCH This Week

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Shadow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-18997 HIGH POC This Week

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abb Pb610 Panel Builder 600
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15596 HIGH POC This Week

A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Statics Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15576 HIGH POC This Week

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-15575 HIGH POC This Week

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-19890 HIGH POC This Week

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hgb10R 02 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-19889 HIGH POC This Week

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hgb10R 02 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5152 HIGH POC This Week

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Shadowsocks Libev
NVD
CVSS 3.1
7.4
EPSS
1.4%
CVE-2019-5469 MEDIUM POC This Month

An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-15591 MEDIUM POC This Month

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-15580 MEDIUM POC This Month

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19888 MEDIUM POC This Month

jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19887 MEDIUM POC This Month

bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-19833 MEDIUM POC THREAT This Month

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tautulli
NVD GitHub
CVSS 3.1
6.5
EPSS
14.7%
CVE-2019-8779 CRITICAL Act Now

A logic issue applied the incorrect restrictions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
10.0
EPSS
1.5%
CVE-2019-7290 CRITICAL Act Now

An access issue was addressed with additional sandbox restrictions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Shortcuts
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2019-11131 CRITICAL Act Now

Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Active Management Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-11107 CRITICAL Act Now

Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Active Management Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-18572 CRITICAL Act Now

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Rsa Identity Governance And Lifecycle
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-15599 CRITICAL PATCH Act Now

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft RCE Tree Kill
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-15598 CRITICAL POC PATCH Act Now

A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft RCE Treekill
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-15597 CRITICAL Act Now

A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Node Df
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-5074 CRITICAL Act Now

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pfc 200 Firmware Pfc 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-19690 CRITICAL Act Now

Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force Trend Micro Google Mobile Security
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-8849 CRITICAL Act Now

The issue was addressed by signaling that an executable stack is not required. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Swiftnio Ssl
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-8750 CRITICAL Act Now

Multiple memory corruption issues were addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Memory Corruption Icloud +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-8662 CRITICAL POC Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple Information Disclosure Memory Corruption Iphone Os +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.8%
CVE-2019-8661 CRITICAL POC THREAT Act Now

A use after free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Memory Corruption Use After Free +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.3%
CVE-2019-8660 CRITICAL POC THREAT Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.8%
CVE-2019-8648 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +3
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-8647 CRITICAL POC THREAT Act Now

A use after free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Memory Corruption Use After Free +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.5%
CVE-2019-8641 CRITICAL POC THREAT Act Now

An out-of-bounds read was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Iphone Os Mac Os X Tvos +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
17.0%
CVE-2019-8613 CRITICAL POC THREAT Act Now

A use after free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Memory Corruption Use After Free +3
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
13.3%
CVE-2019-8600 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft SQLi Apple RCE +6
NVD
CVSS 3.1
9.8
EPSS
20.0%
CVE-2019-11400 CRITICAL Act Now

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.6%
CVE-2019-11399 CRITICAL Act Now

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-2242 CRITICAL Act Now

Device memory may get corrupted because of buffer overflow/underflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8016 Firmware +46
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-10614 CRITICAL PATCH Act Now

Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8017 Firmware +43
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10572 CRITICAL PATCH Act Now

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +41
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2019-10557 CRITICAL PATCH Act Now

Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Qualcomm Apq8009 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
1.1%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy