Skip to main content
CVE-2019-10123 CRITICAL POC THREAT Emergency

SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Logistic Software
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
65.8%
CVE-2019-9653 CRITICAL POC THREAT Act Now

NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Network Video Recorder Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
11.5%
CVE-2019-9106 CRITICAL POC Act Now

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Tebe Small Firmware Webapp
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-9891 CRITICAL POC Act Now

The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Privilege Escalation RCE Advanced Bash Scripting Guide
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-9874 CRITICAL POC KEV THREAT Act Now

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE Deserialization Cms Experience Platform
NVD
CVSS 3.1
9.8
EPSS
83.9%
CVE-2019-9871 CRITICAL POC Act Now

Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Fm K75 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
5.8%
CVE-2019-10328 CRITICAL PATCH Act Now

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pipeline Remote Loader
NVD
CVSS 3.0
9.9
EPSS
1.9%
CVE-2019-6725 CRITICAL Act Now

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel P 660Hn T1 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-10069 CRITICAL Act Now

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Godot
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy