Skip to main content
CVE-2019-16327 CRITICAL POC Act Now

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 601 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-19977 CRITICAL POC Act Now

libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libesmtp
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-16326 HIGH POC This Week

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 601 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-19979 HIGH POC This Week

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Wp Maintenance
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-20006 HIGH POC This Week

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Ezxml
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-19998 HIGH POC This Week

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Xiunobbs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-15695 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-15694 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-15693 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc
NVD GitHub
CVSS 3.1
7.2
EPSS
4.3%
CVE-2019-15692 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.8%
CVE-2019-15691 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.7%
CVE-2019-19999 HIGH POC PATCH This Week

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Halo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-20007 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.2 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-20005 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-19984 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Email Subscribers Newsletters
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2019-19540 MEDIUM POC This Month

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Listingpro
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-20000 MEDIUM POC This Month

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Premium Protection
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2019-19398 CRITICAL Act Now

M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE M5 Lite 10 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-20008 MEDIUM POC PATCH This Month

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archery
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-19389 MEDIUM POC PATCH This Month

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ktor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-19542 MEDIUM POC This Month

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Listingpro
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19541 MEDIUM POC This Month

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Listingpro
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19981 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Email Subscribers Newsletters
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-19985 MEDIUM POC THREAT This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Information Disclosure Email Subscribers Newsletters
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
71.4%
CVE-2019-19982 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Email Subscribers Newsletters
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-19995 HIGH This Week

A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iwr 3000N Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6030 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Body Class
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6027 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpspellcheck
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6014 HIGH This Week

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dba 1510P Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-19681 HIGH This Week

Pandora FMS 7.x suffers from remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2019-19983 MEDIUM POC This Month

In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Minify
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-19980 MEDIUM POC This Month

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Email Subscribers Newsletters
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-16789 HIGH PATCH This Week

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
8.2
EPSS
2.6%
CVE-2019-6026 HIGH This Week

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Lanscope An Lanscope Cat Client Program Lanscope Cat Detection Agent +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6019 HIGH This Week

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stamp Workbench
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-6008 HIGH This Week

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Exaopc Exaplog Exaquantum +5
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-5275 HIGH This Week

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-5274 HIGH This Week

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-5273 HIGH This Week

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-19996 HIGH This Week

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Iwr 3000N Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6032 HIGH This Week

The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure News 24
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-6012 HIGH This Week

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wpdatatables Lite
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-6013 MEDIUM This Month

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dba 1510P Firmware
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2019-6024 MEDIUM This Month

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Apple Rakuma
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-6022 MEDIUM This Month

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Office
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-6035 MEDIUM PATCH This Month

Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Athenz
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6034 MEDIUM This Month

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-6033 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6031 MEDIUM This Month

Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Kinza
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-6029 MEDIUM This Month

Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Custom Body Class
NVD
CVSS 3.1
6.1
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy