Skip to main content
CVE-2019-4279 CRITICAL POC THREAT Emergency

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM RCE Deserialization Websphere Application Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
79.9%
CVE-2019-12160 CRITICAL POC Act Now

GoHTTP through 2017-07-25 has a sendHeader use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gohttp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12158 CRITICAL Act Now

GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Gohttp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11887 CRITICAL Act Now

SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Simplybook
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-5953 CRITICAL Act Now

Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Wget
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2019-5945 CRITICAL Act Now

Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-0172 CRITICAL Act Now

A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Intel Privilege Escalation Unite
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-0153 CRITICAL Act Now

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel Converged Security Management Engine Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-7353 CRITICAL Act Now

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2019-5954 CRITICAL Act Now

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Jr East Japan
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2019-5883 CRITICAL Act Now

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.0
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy