Skip to main content
CVE-2019-13086 CRITICAL POC THREAT Act Now

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Csz Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
32.0%
CVE-2019-13082 CRITICAL POC Act Now

Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Chamilo Lms
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2019-13067 CRITICAL POC Act Now

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-13107 CRITICAL PATCH Act Now

Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Matio Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-11829 CRITICAL Act Now

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Synology Command Injection Calendar
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-11821 CRITICAL Act Now

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Synology PHP Photo Station
NVD
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy