Skip to main content
CVE-2019-13400 CRITICAL POC Act Now

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fcm Mb40 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12924 CRITICAL Act Now

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Mailenable
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2019-9629 CRITICAL Act Now

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexus Repository Manager
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-2111 CRITICAL Act Now

In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Google +2
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2019-13413 CRITICAL PATCH Act Now

The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress PHP Rencontre
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-13354 CRITICAL PATCH Act Now

The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Strong Password
NVD GitHub
CVSS 3.0
9.8
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy