Skip to main content
CVE-2019-9194 CRITICAL POC PATCH THREAT Act Now

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Elfinder
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
96.6%
CVE-2019-9201 CRITICAL POC Act Now

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ilc 131 Eth Firmware Ilc 131 Eth Xc Firmware Ilc 151 Eth Firmware Ilc 151 Eth Xc Firmware +4
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-9195 CRITICAL POC PATCH Act Now

util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal RCE Grin
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-9184 CRITICAL POC PATCH Act Now

SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi J2Store
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.0%
CVE-2019-9169 CRITICAL POC PATCH Act Now

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Glibc Cloud Backup Ontap Select Deploy Administration Utility +3
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2019-7392 CRITICAL Act Now

An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privileged Access Manager
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2019-6592 CRITICAL Act Now

On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.0
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy