Skip to main content
CVE-2019-13478 CRITICAL Act Now

The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Yoast Seo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-13470 CRITICAL Act Now

MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Matrixssl
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11512 CRITICAL PATCH Act Now

Contao 4.x allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Contao
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-11991 CRITICAL Act Now

HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 3Par Service Processor Firmware
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2019-3950 CRITICAL Act Now

Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vmb3010 Firmware Vmb4000 Firmware Vmb3500 Firmware Vmb4500 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-3949 CRITICAL Act Now

Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vmb3010 Firmware Vmb4000 Firmware Vmb3500 Firmware Vmb4500 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy