Skip to main content
CVE-2019-11344 CRITICAL POC Act Now

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Pluck
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-11350 CRITICAL Act Now

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jenkins Operations Center
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-2030 CRITICAL PATCH Act Now

In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Memory Corruption Google Use After Free +1
NVD
CVSS 3.0
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy