Skip to main content
CVE-2019-7684 CRITICAL POC Act Now

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inxedu
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-7674 CRITICAL POC Act Now

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure S14 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-7653 CRITICAL POC Act Now

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Debian Rdflib Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-7678 CRITICAL Act Now

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy