Skip to main content
CVE-2019-11076 CRITICAL POC Act Now

Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cribl
NVD GitHub
CVSS 3.0
9.8
EPSS
3.5%
CVE-2019-7304 CRITICAL POC THREAT Act Now

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Canonical Snapd Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
61.1%
CVE-2019-11469 CRITICAL POC THREAT Act Now

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoho Manageengine Applications Manager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.4%
CVE-2019-2638 CRITICAL PATCH Act Now

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle General Ledger
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2019-2633 CRITICAL PATCH Act Now

Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Work In Process
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2019-7727 CRITICAL Act Now

In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Engage
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-2658 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-2646 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-2645 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-2702 CRITICAL PATCH Act Now

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hospitality Cruise Dining Room Management
NVD
CVSS 3.0
9.3
EPSS
1.3%
CVE-2019-2517 CRITICAL PATCH Act Now

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Database Server
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2019-2699 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Microsoft Information Disclosure Oracle Jdk +1
NVD
CVSS 3.1
9.0
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy