Skip to main content
CVE-2019-11510 CRITICAL POC KEV PATCH THREAT Act Now

Pulse Secure Pulse Connect Secure contains a pre-authentication arbitrary file reading vulnerability that allows unauthenticated remote attackers to read any file from the VPN appliance, including cached credentials and session tokens.

NVD Exploit-DB
CVSS 3.1
10.0
EPSS
94.4%
Threat
9.8
CVE-2019-7442 CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Hashicorp Enterprise Password Vault
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
40.0%
CVE-2019-5021 CRITICAL POC Act Now

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Docker Alpine Leap Big Ip Controller
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-8387 CRITICAL POC THREAT Act Now

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Master Ip Camera01 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
55.7%
CVE-2019-2047 CRITICAL Act Now

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-2046 CRITICAL Act Now

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-2045 CRITICAL Act Now

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-9505 CRITICAL Act Now

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Print Management
NVD
CVSS 3.1
9.8
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy