Skip to main content
CVE-2019-16326 HIGH POC This Week

D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token is implemented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link CSRF Dir 601 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-19979 HIGH POC This Week

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Wp Maintenance
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-20006 HIGH POC This Week

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Ezxml
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-19998 HIGH POC This Week

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Xiunobbs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-15695 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-15694 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-15693 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc
NVD GitHub
CVSS 3.1
7.2
EPSS
4.3%
CVE-2019-15692 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.8%
CVE-2019-15691 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.7%
CVE-2019-19999 HIGH POC PATCH This Week

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Halo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-19995 HIGH This Week

A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iwr 3000N Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6030 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Body Class
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6027 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpspellcheck
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-6014 HIGH This Week

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dba 1510P Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-19681 HIGH This Week

Pandora FMS 7.x suffers from remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2019-16789 HIGH PATCH This Week

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Waitress Communications Cloud Native Core Network Function Cloud Native Environment Debian Linux +2
NVD GitHub
CVSS 3.1
8.2
EPSS
2.6%
CVE-2019-6026 HIGH This Week

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Lanscope An Lanscope Cat Client Program Lanscope Cat Detection Agent +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-6019 HIGH This Week

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stamp Workbench
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-6008 HIGH This Week

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Exaopc Exaplog Exaquantum +5
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-5275 HIGH This Week

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-5274 HIGH This Week

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-5273 HIGH This Week

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Usg9500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-19996 HIGH This Week

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Iwr 3000N Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-6032 HIGH This Week

The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure News 24
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-6012 HIGH This Week

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wpdatatables Lite
NVD
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy