Most Exploitable CVEs of 2019

CVE-2019-0708

9.8 CRITICAL

A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP...
almost 2 years ago

CVE-2019-19781

9.8 CRITICAL

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
about 1 year ago

CVE-2019-11043

9.8 CRITICAL

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated...
over 1 year ago

CVE-2019-5736

8.6 HIGH

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by...
about 2 years ago

CVE-2019-2725

9.8 CRITICAL

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0....
almost 2 years ago

CVE-2019-3396

9.8 CRITICAL

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from...
almost 2 years ago

CVE-2018-20250

7.8 HIGH

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field...
about 2 years ago

CVE-2019-15107

9.8 CRITICAL

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
over 1 year ago

CVE-2019-14287

8.8 HIGH

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by...
over 1 year ago

CVE-2019-16759

9.8 CRITICAL

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
over 1 year ago