Skip to main content
CVE-2019-3947 CRITICAL POC Act Now

Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure V Server
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-7840 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Coldfusion
NVD
CVSS 3.0
9.8
EPSS
17.2%
CVE-2019-7839 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Coldfusion
NVD
CVSS 3.0
9.8
EPSS
44.1%
CVE-2019-7838 CRITICAL Act Now

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Coldfusion
NVD
CVSS 3.0
9.8
EPSS
17.4%
CVE-2019-0304 CRITICAL Act Now

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection SAP Advanced Business Application Programming Platform Kernel Advanced Business Application Programming Platform Krnl32Nuc Advanced Business Application Programming Platform Krnl32Uc +2
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-6580 CRITICAL PATCH Act Now

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Siveillance Video Management Software 2017 R2 Siveillance Video Management Software 2018 R1 Siveillance Video Management Software 2018 R2 Siveillance Video Management Software 2018 R3 +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-3888 CRITICAL PATCH Act Now

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Undertow Virtualization Virtualization Host +3
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-3873 CRITICAL Act Now

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss Enterprise Application Platform Single Sign On
NVD
CVSS 3.0
9.0
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy