Skip to main content
CVE-2019-17621 CRITICAL POC KEV PATCH THREAT Act Now

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 859 Firmware Dir 822 Firmware Dir 823 Firmware +11
NVD
CVSS 3.1
9.8
EPSS
89.6%
CVE-2019-17558 HIGH POC KEV PATCH THREAT Act Now

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Solr Primavera Unifier
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
98.6%
CVE-2019-13445 CRITICAL POC PATCH Act Now

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ros Comm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-10774 CRITICAL POC PATCH Act Now

php-shellcommand versions before 1.6.1 have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Php Shellcommand
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-19735 CRITICAL POC Act Now

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Yetishare
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2019-20140 HIGH POC This Week

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-20094 HIGH POC This Week

An issue was discovered in libsixel 1.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-19734 HIGH POC This Week

_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Yetishare
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-20087 HIGH POC This Week

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-20086 HIGH POC This Week

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-19032 HIGH POC This Week

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Xmlblueprint
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
4.5%
CVE-2019-19031 HIGH POC This Week

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Easy Xml Editor
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
5.2%
CVE-2019-20090 HIGH POC This Week

An issue was discovered in Bento4 1.5.1.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Bento4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-20089 HIGH POC This Week

GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-20088 HIGH POC This Week

GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-20149 HIGH POC PATCH This Week

{'name':'Symbol'}. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kind Of
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-20085 HIGH POC KEV THREAT This Week

TVT NVMS-1000 devices allow GET /.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nvms 1000 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
96.1%
CVE-2019-19732 HIGH POC This Week

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Yetishare
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2019-20071 MEDIUM POC This Month

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dl4343 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-20141 MEDIUM POC This Month

An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Neon
NVD
CVSS 3.1
6.1
EPSS
5.0%
CVE-2019-19738 MEDIUM POC This Month

log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yetishare
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-19733 MEDIUM POC This Month

_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yetishare
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-20076 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-20075 MEDIUM POC This Month

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-20073 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-20072 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-20070 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-16535 CRITICAL Act Now

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Clickhouse
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-20093 MEDIUM POC This Month

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo Fedora
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-20092 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-20091 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-20139 MEDIUM POC THREAT This Month

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.1
5.4
EPSS
26.1%
CVE-2019-16790 HIGH PATCH This Week

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Tiny File Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-19737 HIGH This Week

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Yetishare
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-20074 HIGH This Week

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dl4343 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-13465 HIGH This Week

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ros Comm
NVD GitHub
CVSS 3.1
8.6
EPSS
1.1%
CVE-2019-19470 HIGH This Week

Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Tinywall
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-20079 HIGH PATCH This Week

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Vim Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-19739 HIGH This Week

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yetishare
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-20138 HIGH PATCH This Week

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http Authentication Library
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-4343 MEDIUM This Month

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which could allow an attacker to transfer private information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-15024 MEDIUM This Month

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clickhouse
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-19736 MEDIUM This Month

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies, allowing the cookie to be read by script, which can potentially be used by attackers to obtain the cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yetishare
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-4335 MEDIUM PATCH This Month

IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Watson Studio Local
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-20096 MEDIUM PATCH This Month

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-20095 MEDIUM This Month

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Leap Active Iq Unified Manager +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-4623 MEDIUM This Month

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cognos Analytics
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-19806 MEDIUM This Month

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Yetishare
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-19805 MEDIUM This Month

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Yetishare
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-4655 MEDIUM This Month

IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Mq Mq Appliance
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy