CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

94 results Clear all

CVE-2019-19493 5.4 MEDIUM 1 PoC Analysis EPSS 0.01

Kentico <12.0.50 - XSS

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

CWE-434 Dec 02, 2019

CVE-2019-17575 7.2 HIGH EPSS 0.00

WBCE CMS <1.4.0 - Command Injection

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code.

CWE-706 Oct 14, 2019

CVE-2019-0220 5.3 MEDIUM EPSS 0.21

Apache HTTP Server <2.4.39 - Path Traversal

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

CWE-706 Jun 11, 2019

CVE-2019-9901 6.5 MEDIUM EPSS 0.00

Envoy <1.9.0 - SSRF

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.

CWE-706 Apr 25, 2019

CVE-2019-0816 5.1 MEDIUM EPSS 0.00

Azure SSH Keypairs - Auth Bypass

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

CWE-706 Apr 09, 2019

CVE-2019-9616 7.2 HIGH EPSS 0.02

OFCMS <1.1.3 - RCE

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.

CWE-706 Mar 06, 2019

CVE-2019-8908 9.8 CRITICAL EPSS 0.01

WTCMS 1.0 - RCE

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

CWE-706 Feb 18, 2019

CVE-2019-8395 9.8 CRITICAL EPSS 0.12

Zohocorp Manageengine Servicedesk Plus < 10.0 - Path Traversal

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

CWE-22 Feb 17, 2019

CVE-2019-7731 9.8 CRITICAL 1 Writeup EPSS 0.03

MyWebSQL 3.7 - RCE

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.

CWE-706 Feb 11, 2019

CVE-2019-6289 8.8 HIGH EPSS 0.01

DedeCMS V57_UTF8_SP2 - RCE

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.

CWE-706 Jan 15, 2019

CVE-2018-6112 4.3 MEDIUM EPSS 0.01

Google Chrome <66.0.3359.117 - Open Redirect

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CWE-706 Jan 09, 2019

CVE-2019-0571 7.8 HIGH 1 PoC Analysis EPSS 0.08

Windows Data Sharing Service - Privilege Escalation

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574.

CWE-706 Jan 08, 2019

CVE-2018-12020 7.5 HIGH 1 Writeup EPSS 0.03

GnuPG <2.2.8 - Info Disclosure

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

CWE-706 Jun 08, 2018

CVE-2018-0237 5.8 MEDIUM EPSS 0.01

Cisco AMP < - Auth Bypass

A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034.

CWE-20 Apr 19, 2018