Skip to main content
CVE-2019-11580 CRITICAL POC KEV THREAT Emergency

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian RCE Crowd
NVD
CVSS 3.1
9.8
EPSS
95.4%
CVE-2019-11367 CRITICAL POC Act Now

An issue was discovered in AUO Solar Data Recorder before 1.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Solar Data Recorder
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-11185 CRITICAL POC Act Now

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Live Chat
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-10883 CRITICAL POC THREAT Act Now

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Citrix Sd Wan Center Netscaler Sd Wan Center
NVD
CVSS 3.0
9.8
EPSS
65.5%
CVE-2019-12377 CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE Landesk Management Suite
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-12310 CRITICAL POC Act Now

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Backup Appliance Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-12564 CRITICAL POC Act Now

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Douphp
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-14728 CRITICAL Act Now

An authentication bypass was found in an unknown area of the SiteOmat source code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Authentication Bypass Siteomat
NVD VulDB
CVSS 3.1
9.8
EPSS
10.2%
CVE-2017-14854 CRITICAL Act Now

A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

Buffer Overflow RCE Siteomat
NVD VulDB
CVSS 3.1
9.1
EPSS
11.4%
CVE-2017-14851 CRITICAL Act Now

A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Siteomat
NVD VulDB
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-11356 CRITICAL Act Now

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Imap Fedora +6
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-6742 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Galaxy S9 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-12585 CRITICAL PATCH Act Now

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PHP Command Injection Apcupsd Pfsense
NVD GitHub
CVSS 3.0
9.8
EPSS
5.0%
CVE-2019-6741 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Open Redirect Samsung Galaxy S9 Firmware
NVD
CVSS 3.1
9.3
EPSS
3.2%
CVE-2019-3397 CRITICAL Act Now

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Path Traversal RCE Bitbucket
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2019-12373 CRITICAL Act Now

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
9.0
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy