Skip to main content
CVE-2019-10866 CRITICAL POC Act Now

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Form Maker
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-12297 CRITICAL POC Act Now

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12042 CRITICAL POC Act Now

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Panda Antivirus Panda Antivirus Pro Panda Dome Panda Global Protection +2
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-9949 HIGH POC This Week

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE My Cloud Firmware My Cloud Mirror Gen2 Firmware My Cloud Ex2 Ultra Firmware My Cloud Ex2100 Firmware +5
NVD GitHub
CVSS 3.0
8.8
EPSS
3.1%
CVE-2019-12293 HIGH POC This Week

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Poppler
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-10850 CRITICAL Act Now

Computrols CBAS 18.0.0 has Default Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Computrols Building Automation Software
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-7128 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2019-7124 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7120 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7119 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7118 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7117 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-12289 CRITICAL Act Now

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C7824Wip Firmware C38S Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-12288 CRITICAL Act Now

An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C7824Iwp Firmware C38S Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-7113 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2019-7112 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-7103 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7102 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-7101 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-7100 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7099 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7098 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7096 CRITICAL Act Now

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2019-7088 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2019-7130 CRITICAL PATCH Act Now

Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Bridge Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7107 CRITICAL PATCH Act Now

Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Indesign
NVD
CVSS 3.1
9.8
EPSS
27.8%
CVE-2019-7106 CRITICAL PATCH Act Now

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Adobe Xd
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7105 CRITICAL PATCH Act Now

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Adobe Xd
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7104 CRITICAL PATCH Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-12301 CRITICAL Act Now

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Debian Percona Server
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12300 CRITICAL PATCH Act Now

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Buildbot
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-12272 CRITICAL PATCH Act Now

In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Luci
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2019-11873 CRITICAL PATCH Act Now

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Wolfssl
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2019-5795 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5792 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-5791 HIGH This Week

Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-5790 HIGH This Week

An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE Chrome Backports +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-5789 HIGH POC This Week

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Microsoft RCE Chrome +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.3%
CVE-2019-5788 HIGH POC This Week

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE Chrome Backports +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.2%
CVE-2019-5787 HIGH This Week

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +2
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-10854 HIGH This Week

Computrols CBAS 18.0.0 allows Authenticated Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Computrols Building Automation Software
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2019-10852 HIGH This Week

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Computrols Building Automation Software
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-7111 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
8.8
EPSS
54.1%
CVE-2019-7125 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
8.8
EPSS
13.5%
CVE-2019-7132 HIGH PATCH This Week

Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Bridge Cc
NVD
CVSS 3.0
8.8
EPSS
6.0%
CVE-2019-10853 HIGH This Week

Computrols CBAS 18.0.0 allows Authentication Bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Computrols Building Automation Software
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2019-4078 HIGH PATCH This Week

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-5796 HIGH POC This Week

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Google Chrome Backports Sle +1
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-10849 HIGH POC This Week

Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Computrols Building Automation Software
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
9.0%
CVE-2019-10855 HIGH This Week

Computrols CBAS 18.0.0 mishandles password hashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Computrols Building Automation Software
NVD
CVSS 3.0
7.5
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy