Skip to main content
CVE-2019-3910 CRITICAL POC Act Now

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Airmedia Am 100 Firmware
NVD
CVSS 3.0
9.1
EPSS
8.6%
CVE-2019-3774 CRITICAL PATCH Act Now

Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Spring Batch
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-3773 CRITICAL PATCH Act Now

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Web Services Financial Services Analytical Applications Infrastructure Flexcube Private Banking
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-3772 CRITICAL PATCH Act Now

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Java Spring Integration Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-3909 CRITICAL Act Now

Premisys Identicard version 3.1.190 database uses default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Premisys Id
NVD
CVSS 3.0
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy