Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-27 | CVE-2019-11565 | Server-Side Request Forgery (SSRF) vulnerability in Print MY Blog Project Print MY Blog Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. | 7.5 |
2019-04-26 | CVE-2019-11557 | Path Traversal vulnerability in Web-Dorado WP Form Builder The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
2019-04-26 | CVE-2019-3844 | Privilege Chaining vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. | 7.8 |
2019-04-26 | CVE-2019-3843 | Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. | 7.8 |
2019-04-26 | CVE-2019-6689 | Command Injection vulnerability in Dillonkane Tidal Workload Automation 3.2.0.5 An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). | 7.2 |
2019-04-26 | CVE-2019-2725 | Injection vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 7.5 |
2019-04-26 | CVE-2019-9804 | OS Command Injection vulnerability in Mozilla Firefox In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. | 7.5 |
2019-04-26 | CVE-2019-9796 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. | 7.5 |
2019-04-26 | CVE-2019-9795 | Reachable Assertion vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. | 7.5 |
2019-04-26 | CVE-2019-9794 | Improper Input Validation vulnerability in Mozilla Thunderbird A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. | 7.5 |