Skip to main content
CVE-2019-9756 CRITICAL POC Act Now

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-9174 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.0
10.0
EPSS
2.0%
CVE-2019-1710 CRITICAL Act Now

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xr
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-10643 CRITICAL PATCH Act Now

Contao 4.7 allows Use of a Key Past its Expiration Date. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Contao Cms
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-10641 CRITICAL PATCH Act Now

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contao Cms
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2019-9217 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-0228 CRITICAL PATCH Act Now

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Pdfbox James Fedora +11
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2019-6579 CRITICAL Act Now

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Spectrum Power 4
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-3709 CRITICAL Act Now

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware Emc Isilonsd Management Server
NVD
CVSS 3.0
9.6
EPSS
2.2%
CVE-2019-3708 CRITICAL Act Now

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Emc Isilonsd Management Server
NVD
CVSS 3.0
9.6
EPSS
2.2%
CVE-2019-9890 CRITICAL Act Now

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy