Skip to main content
CVE-2019-10684 CRITICAL POC Act Now

Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE 74Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-10686 CRITICAL Act Now

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apollo
NVD GitHub
CVSS 3.0
10.0
EPSS
1.6%
CVE-2019-5523 CRITICAL Act Now

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation VMware Information Disclosure Vcloud Director
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-5891 CRITICAL Act Now

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Geocall
NVD
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy