Skip to main content
CVE-2019-2729 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Communications Diameter Signaling Router Communications Network Integrity Hyperion Infrastructure Technology +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.8%
CVE-2019-12899 CRITICAL POC Act Now

Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Devicenet Builder
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12898 CRITICAL POC Act Now

Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Devicenet Builder
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12890 CRITICAL POC Act Now

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Redwoodhq
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.2%
CVE-2019-11232 CRITICAL POC Act Now

EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biyan
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-6971 CRITICAL POC THREAT Act Now

An issue was discovered on TP-Link TL-WR1043ND V2 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wr1043Nd Firmware
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
13.7%
CVE-2019-3954 CRITICAL POC Act Now

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-11040 CRITICAL POC Act Now

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Software Collections Leap +1
NVD
CVSS 3.1
9.1
EPSS
4.1%
CVE-2019-11039 CRITICAL POC Act Now

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Software Collections Leap +1
NVD
CVSS 3.1
9.1
EPSS
3.1%
CVE-2019-12900 CRITICAL PATCH Act Now

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Bzip2 Debian Linux Leap +3
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2019-2007 CRITICAL Act Now

In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-2006 CRITICAL Act Now

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Race Condition Google +1
NVD
CVSS 3.0
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy