Skip to main content
CVE-2019-8950 CRITICAL POC Act Now

The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H665 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-7164 CRITICAL POC PATCH Act Now

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-8948 CRITICAL Act Now

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Papercut Mf Papercut Ng
NVD
CVSS 3.0
9.8
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy