Skip to main content
CVE-2019-3910 CRITICAL POC Act Now

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Airmedia Am 100 Firmware
NVD
CVSS 3.0
9.1
EPSS
8.6%
CVE-2019-6487 HIGH POC This Week

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Command Injection Tl Wdr5620 Firmware Tl Wdr3500 Firmware +3
NVD GitHub
CVSS 3.0
8.8
EPSS
8.5%
CVE-2019-3774 CRITICAL PATCH Act Now

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Spring Batch
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-3773 CRITICAL PATCH Act Now

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Web Services Financial Services Analytical Applications Infrastructure Flexcube Private Banking
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-3772 CRITICAL PATCH Act Now

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Integration Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-3909 CRITICAL Act Now

Premisys Identicard version 3.1.190 database uses default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Premisys Id
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-3906 HIGH This Week

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Premisys Id
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-6488 HIGH This Week

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Glibc
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-3908 HIGH This Week

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Premisys Id
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-3907 HIGH This Week

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Premisys Id
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy