Skip to main content
CVE-2019-3984 CRITICAL POC Act Now

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Blink Xt2 Sync Module Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2019-20197 HIGH POC THREAT This Week

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nagios Xi
NVD
CVSS 3.1
8.8
EPSS
22.4%
CVE-2019-20172 HIGH POC PATCH This Week

Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Serenityos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-9668 HIGH POC This Week

An issue was discovered in rovinbhandari FTP through 2012-03-28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rovinbhandari Ftp
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-7751 HIGH POC THREAT This Week

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Path Traversal RCE Fusionpro Vdp
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
14.2%
CVE-2019-20176 HIGH POC PATCH This Week

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pure Ftpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-20175 HIGH POC PATCH This Week

An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qemu
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-20202 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-20201 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-20200 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-20199 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-20198 MEDIUM POC This Month

An issue was discovered in ezXML 0.8.3 through 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-12273 MEDIUM POC This Month

OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Outsystems
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-9554 MEDIUM POC This Month

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Craft Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.6%
CVE-2019-9553 MEDIUM POC This Month

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-9206 MEDIUM POC This Month

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-19927 MEDIUM POC PATCH This Month

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Ubuntu Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
6.0
EPSS
0.8%
CVE-2019-7478 CRITICAL Act Now

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Global Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-20171 MEDIUM POC This Month

An issue was discovered in GPAC version 0.5.2 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-20170 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20169 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20168 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-20167 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-20166 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20165 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20164 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20163 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20162 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20161 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-20160 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-20159 MEDIUM POC This Month

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-9556 MEDIUM POC This Month

FiberHome an5506-04-f RP2669 devices have XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS An5506 04 F Firmware
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-7162 CRITICAL Act Now

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD
CVSS 3.1
9.1
EPSS
4.0%
CVE-2019-18568 HIGH This Week

Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Free Antivirus
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-9197 HIGH PATCH This Week

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Unity Editor
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2019-10229 HIGH This Week

An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mailstore Mailstore Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-12837 MEDIUM POC This Month

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Portal D Acces A La Universitat
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-7479 HIGH This Week

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft VMware Sonicos Sonicosv
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2019-14466 MEDIUM PATCH This Month

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Gosa Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10227 MEDIUM POC This Month

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openitcockpit
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-9207 MEDIUM This Month

PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-12186 MEDIUM PATCH This Month

An issue was discovered in Sylius products. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Grid Sylius
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy