Skip to main content
CVE-2019-10655 CRITICAL POC THREAT Emergency

Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Command Injection CSRF Gac2500 Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
15.4%
CVE-2019-10661 CRITICAL POC Act Now

On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gxv3611Ir Hd Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-10647 CRITICAL POC Act Now

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD GitHub
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-10648 CRITICAL PATCH Act Now

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Robocode
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy