Skip to main content
CVE-2019-4013 CRITICAL POC THREAT Act Now

IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload IBM RCE Bigfix Platform
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
14.1%
CVE-2019-11072 CRITICAL POC PATCH THREAT Act Now

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Lighttpd
NVD GitHub
CVSS 3.0
9.8
EPSS
73.8%
CVE-2019-0285 CRITICAL POC Act Now

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SAP Crystal Reports
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-10945 CRITICAL POC THREAT Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Joomla
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.0%
CVE-2019-7139 CRITICAL POC PATCH THREAT Act Now

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Adobe Magento
NVD
CVSS 3.0
9.8
EPSS
15.4%
CVE-2019-7551 CRITICAL POC Act Now

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Portal
NVD
CVSS 3.1
9.0
EPSS
1.8%
CVE-2019-11068 CRITICAL PATCH GHSA Act Now

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Libxslt Ubuntu Linux Debian Linux Fedora +18
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-0036 CRITICAL Act Now

When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-0008 CRITICAL Act Now

A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Buffer Overflow Stack Overflow RCE Junos
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-0040 CRITICAL Act Now

On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Information Disclosure Junos
NVD
CVSS 3.1
9.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy