Skip to main content
CVE-2019-5420 CRITICAL POC PATCH THREAT Act Now

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Rails Debian Linux Fedora
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.1%
CVE-2019-10232 CRITICAL POC PATCH THREAT Act Now

Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gestionnaire Libre De Parc Informatique
NVD GitHub
CVSS 3.0
9.8
EPSS
23.2%
CVE-2019-9863 CRITICAL POC Act Now

Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Secvest Wireless Alarm System Fuaa50000 Firmware Secvest Wireless Remote Control Fube50014 Firmware Secvest Wireless Remote Control Fube50015 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-10125 CRITICAL POC Act Now

An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-1010257 CRITICAL POC Act Now

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Information Disclosure Article2Pdf
NVD
CVSS 3.1
9.1
EPSS
4.4%
CVE-2019-0160 CRITICAL Act Now

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service Edk Ii Leap +6
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-10231 CRITICAL PATCH Act Now

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Authentication Bypass PHP Memory Corruption Gestionnaire Libre De Parc Informatique
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy