Skip to main content
CVE-2019-10866 CRITICAL POC Act Now

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress PHP Form Maker
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-12297 CRITICAL POC Act Now

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cx2 Firmware M2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12042 CRITICAL POC Act Now

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Panda Antivirus Panda Antivirus Pro Panda Dome Panda Global Protection +2
NVD GitHub
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-10850 CRITICAL Act Now

Computrols CBAS 18.0.0 has Default Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Computrols Building Automation Software
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-7128 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2019-7124 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7120 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7119 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7118 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2019-7117 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-12289 CRITICAL Act Now

An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C7824Wip Firmware C38S Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-12288 CRITICAL Act Now

An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass C7824Iwp Firmware C38S Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-7113 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2019-7112 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2019-7103 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7102 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-7101 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-7100 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7099 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7098 CRITICAL Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2019-7096 CRITICAL Act Now

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2019-7088 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2019-7130 CRITICAL PATCH Act Now

Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Bridge Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7107 CRITICAL PATCH Act Now

Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Indesign
NVD
CVSS 3.1
9.8
EPSS
27.8%
CVE-2019-7106 CRITICAL PATCH Act Now

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Adobe Xd
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7105 CRITICAL PATCH Act Now

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Adobe Xd
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7104 CRITICAL PATCH Act Now

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Shockwave Player
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-12301 CRITICAL Act Now

The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Debian Percona Server
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-12300 CRITICAL PATCH Act Now

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Buildbot
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-12272 CRITICAL PATCH Act Now

In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Luci
NVD GitHub
CVSS 3.0
9.8
EPSS
7.4%
CVE-2019-11873 CRITICAL PATCH Act Now

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Wolfssl
NVD
CVSS 3.1
9.8
EPSS
8.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy