Skip to main content
CVE-2019-11223 CRITICAL POC Act Now

An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE Supportcandy
NVD
CVSS 3.0
9.8
EPSS
8.8%
CVE-2019-11322 CRITICAL POC Act Now

An issue was discovered in Motorola CX2 1.01 and M2 1.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-11320 CRITICAL POC Act Now

In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11319 CRITICAL POC Act Now

An issue was discovered in Motorola CX2 1.01 and M2 1.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-11035 CRITICAL POC PATCH Act Now

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Buffer Overflow Information Disclosure Ubuntu Linux Storage Automation Store +3
NVD
CVSS 3.1
9.1
EPSS
4.4%
CVE-2019-10306 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Ontrack
NVD
CVSS 3.1
9.9
EPSS
2.4%
CVE-2019-9161 CRITICAL Act Now

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Command Injection Sundray Wan Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-9160 CRITICAL Act Now

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sundray Wan Controller Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-11034 CRITICAL PATCH Act Now

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

PHP Buffer Overflow Information Disclosure Ubuntu Linux Storage Automation Store +3
NVD
CVSS 3.1
9.1
EPSS
4.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy