Skip to main content
CVE-2019-0708 CRITICAL POC KEV PATCH THREAT Act Now

Remote Desktop Services contain a pre-authentication remote code execution vulnerability known as 'BlueKeep' that allows unauthenticated attackers to execute code via crafted RDP requests, with wormable potential rivaling EternalBlue.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.5%
Threat
9.8
CVE-2019-1821 CRITICAL POC THREAT Emergency

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Evolved Programmable Network Manager Network Level Service Prime Infrastructure
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
98.1%
CVE-2019-10910 CRITICAL POC PATCH Act Now

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Symfony Drupal
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-10913 CRITICAL PATCH Act Now

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi Symfony
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-0725 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows Server 2008 +3
NVD
CVSS 3.0
9.8
EPSS
26.3%
CVE-2019-0938 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
9.0
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy