Skip to main content
CVE-2019-7587 CRITICAL POC Act Now

Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bw
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-7585 CRITICAL POC Act Now

An issue was discovered in Waimai Super Cms 20150505. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-7568 CRITICAL POC Act Now

An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baijiacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-6139 CRITICAL Act Now

Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE User Id
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-4008 CRITICAL PATCH Act Now

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy