Skip to main content
CVE-2019-3396 CRITICAL POC KEV PATCH THREAT Act Now

Atlassian Confluence Server Widget Connector macro contains a path traversal and server-side template injection vulnerability enabling unauthenticated remote code execution through crafted URLs.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.5%
Threat
9.8
CVE-2019-7609 CRITICAL POC KEV THREAT Emergency

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Elastic RCE Kibana Openshift Container Platform
NVD
CVSS 3.1
10.0
EPSS
95.3%
CVE-2019-10041 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-10040 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-10039 CRITICAL POC Act Now

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 816 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-3809 CRITICAL PATCH Act Now

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SSRF Mozilla CSRF Moodle
NVD
CVSS 3.0
10.0
EPSS
0.9%
CVE-2019-7612 CRITICAL Act Now

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Logstash Active Iq Performance Analytics Services
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-3395 CRITICAL PATCH Act Now

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Confluence Server
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2019-10011 CRITICAL Act Now

ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Campus Solution
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-3479 CRITICAL Act Now

Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Arcsight Logger
NVD
CVSS 3.0
9.8
EPSS
6.9%
CVE-2019-3476 CRITICAL Act Now

Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Data Protector
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-3861 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Debian Linux +2
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2019-3860 CRITICAL PATCH Act Now

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Libssh2 Debian Linux +2
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2019-7610 CRITICAL Act Now

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Elastic RCE Kibana
NVD
CVSS 3.0
9.0
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy