Skip to main content
CVE-2019-7214 CRITICAL POC THREAT Emergency

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Smartermail
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
84.2%
CVE-2019-8993 CRITICAL Act Now

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Activematrix Bpm Activematrix Policy Director Activematrix Service Bus Activematrix Service Grid +1
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-11217 CRITICAL PATCH Act Now

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Bonobo Git Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-9951 CRITICAL Act Now

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload My Cloud Mirror Gen 2 Firmware My Cloud Ex2 Ultra Firmware My Cloud Ex2100 Firmware +6
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9950 CRITICAL Act Now

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force My Cloud Firmware My Cloud Mirror Gen2 Firmware My Cloud Ex2 Ultra Firmware +6
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-3793 CRITICAL Act Now

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Application Service
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-11081 CRITICAL Act Now

A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sidexis
NVD
CVSS 3.0
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy