Skip to main content
CVE-2019-7629 CRITICAL POC Act Now

Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tintin Wintin
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2019-8908 CRITICAL POC Act Now

An issue was discovered in WTCMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wtcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-8429 CRITICAL POC Act Now

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8428 CRITICAL POC Act Now

ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8427 CRITICAL POC Act Now

daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-8424 CRITICAL POC Act Now

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8423 CRITICAL POC Act Now

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoneminder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-8917 CRITICAL Act Now

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Orion Network Performance Monitor
NVD GitHub
CVSS 3.0
9.8
EPSS
36.4%
CVE-2019-0101 CRITICAL PATCH Act Now

Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Intel Unite
NVD
CVSS 3.0
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy