Skip to main content
CVE-2019-7537 CRITICAL POC PATCH Act Now

An issue was discovered in Donfig 0.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Donfig
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-7238 CRITICAL POC KEV THREAT Act Now

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
9.8
EPSS
76.5%
CVE-2019-9083 CRITICAL POC THREAT Act Now

SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sqlitemanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.6%
CVE-2019-6714 CRITICAL POC THREAT Act Now

An issue was discovered in BlogEngine.NET through 3.3.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Blogengine Net
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
31.7%
CVE-2019-6441 CRITICAL POC THREAT Act Now

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rt3050 Firmware Rt3052 Firmware Rt7620 Firmware Wm3300 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
53.6%
CVE-2019-5723 CRITICAL POC Act Now

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Portier
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-5722 CRITICAL POC Act Now

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Portier
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-5413 CRITICAL POC PATCH Act Now

An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Node.js RCE Morgan
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-6716 CRITICAL POC Act Now

An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Nervepoint Access Manager
NVD Exploit-DB
CVSS 3.0
9.4
EPSS
9.6%
CVE-2019-5490 CRITICAL Act Now

Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Service Processor
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2019-9898 CRITICAL PATCH Act Now

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Putty Fedora Debian Linux Leap +1
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-9895 CRITICAL Act Now

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Putty Fedora
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-9893 CRITICAL PATCH Act Now

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Libseccomp
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-9870 CRITICAL PATCH Act Now

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oembed
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-8351 CRITICAL Act Now

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thor
NVD
CVSS 3.0
9.1
EPSS
1.3%
CVE-2019-3858 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Fedora +3
NVD
CVSS 3.0
9.1
EPSS
6.4%
CVE-2019-3862 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Libssh2 Fedora Debian Linux +2
NVD
CVSS 3.0
9.1
EPSS
8.1%
CVE-2019-3859 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Fedora +3
NVD
CVSS 3.1
9.1
EPSS
6.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy