Skip to main content
CVE-2019-8985 CRITICAL POC THREAT Act Now

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow Denial Of Service RCE Wf2411 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
13.3%
CVE-2019-8979 CRITICAL POC Act Now

Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Kohana
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-8982 CRITICAL POC THREAT Act Now

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Wavemarker Studio
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
25.6%
CVE-2019-8996 CRITICAL Act Now

In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Manager Agents
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-1662 CRITICAL Act Now

A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Assurance
NVD
CVSS 3.0
9.1
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy