Total
304280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1130 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 11 more | 2025-07-30 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. | ||||
| CVE-2019-1132 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-07-30 | 7.8 High |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0193 | 2 Apache, Debian | 2 Solr, Debian Linux | 2025-07-30 | 7.2 High |
| In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. | ||||
| CVE-2019-11581 | 1 Atlassian | 1 Jira Server | 2025-07-30 | 9.8 Critical |
| There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. | ||||
| CVE-2019-0344 | 1 Sap | 1 Commerce Cloud | 2025-07-30 | 9.8 Critical |
| Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. | ||||
| CVE-2019-15107 | 1 Webmin | 1 Webmin | 2025-07-30 | 9.8 Critical |
| An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | ||||
| CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-07-30 | 7.8 High |
| Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | ||||
| CVE-2019-13608 | 1 Citrix | 1 Storefront Server | 2025-07-30 | 7.5 High |
| Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | ||||
| CVE-2019-15949 | 1 Nagios | 1 Nagios Xi | 2025-07-30 | 8.8 High |
| Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root. | ||||
| CVE-2019-1214 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more | 2025-07-30 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-1215 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more | 2025-07-30 | 7.8 High |
| An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | ||||
| CVE-2019-1253 | 1 Microsoft | 8 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 5 more | 2025-07-30 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | ||||
| CVE-2019-1297 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2025-07-30 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | ||||
| CVE-2019-16256 | 1 Samsung | 2 Samsung, Samsung Firmware | 2025-07-30 | 9.8 Critical |
| Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | ||||
| CVE-2019-16057 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-07-30 | 9.8 Critical |
| The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | ||||
| CVE-2019-1367 | 1 Microsoft | 14 Internet Explorer, Windows 10 1607, Windows 10 1703 and 11 more | 2025-07-30 | 7.5 High |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | ||||
| CVE-2019-16759 | 1 Vbulletin | 1 Vbulletin | 2025-07-30 | 9.8 Critical |
| vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | ||||
| CVE-2019-16920 | 1 Dlink | 20 Dap-1533, Dap-1533 Firmware, Dhp-1565 and 17 more | 2025-07-30 | 9.8 Critical |
| Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. | ||||
| CVE-2019-16928 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-07-30 | 9.8 Critical |
| Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | ||||
| CVE-2019-1315 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 10 more | 2025-07-30 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | ||||