Skip to main content
CVE-2019-16871 CRITICAL POC Act Now

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft RCE Twincat
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-19899 CRITICAL POC PATCH Act Now

Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pebble Templates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-19915 CRITICAL POC Act Now

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress XSS CSRF 301 Redirects
NVD
CVSS 3.1
9.0
EPSS
0.9%
CVE-2019-17633 HIGH POC This Week

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Che
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-19906 HIGH POC PATCH This Week

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Cyrus Sasl Debian Linux Ubuntu Linux Fedora +15
NVD GitHub
CVSS 3.1
7.5
EPSS
8.0%
CVE-2019-17527 CRITICAL PATCH Act Now

dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Js Jobs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-8256 CRITICAL Act Now

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Coldfusion
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-8255 CRITICAL Act Now

Brackets versions 1.14 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Brackets
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2019-19907 CRITICAL PATCH Act Now

HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Groupware Core
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-19905 CRITICAL PATCH Act Now

NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Nethack
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-16464 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16463 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2019-16462 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16460 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16459 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16455 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16454 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-16453 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2019-16452 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2019-16451 CRITICAL POC THREAT Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
34.7%
CVE-2019-16450 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-16448 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16446 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16445 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-16444 CRITICAL Act Now

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-7482 CRITICAL Act Now

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2019-19141 HIGH This Week

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ubuntu RCE Media Server
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2019-19909 HIGH PATCH This Week

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization Open Journal System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-7486 HIGH This Week

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-7485 HIGH This Week

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-19340 HIGH This Week

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Tower Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2019-11780 HIGH PATCH This Week

Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Privilege Escalation Odoo
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2019-8254 HIGH This Week

Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-8253 HIGH This Week

Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2019-18181 HIGH This Week

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cloudvision Portal
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-7487 HIGH This Week

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Sonicos Sonicos Sslvpn Nacagent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19234 HIGH This Week

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the !. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-19232 HIGH This Week

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sudo
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16465 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16461 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16458 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16457 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16456 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-16449 HIGH This Week

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-7483 HIGH KEV THREAT This Week

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-19902 HIGH This Week

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Backdrop Cms
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-7484 MEDIUM This Month

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sonicwall Sma 100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-15006 MEDIUM PATCH This Month

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Atlassian Information Disclosure Confluence Confluence Server
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-19910 MEDIUM PATCH This Month

The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18955 MEDIUM This Month

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy