Skip to main content
CVE-2019-13279 CRITICAL POC Act Now

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-13278 CRITICAL POC Act Now

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
8.8%
CVE-2019-13276 CRITICAL POC Act Now

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Tew 827Dru Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2019-10653 CRITICAL POC Act Now

An issue was discovered in Hsycms V1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hsycms
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-13489 CRITICAL Act Now

Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Trape
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12803 CRITICAL Act Now

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload I Onenet
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-13132 CRITICAL Act Now

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libzmq Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
42.5%
CVE-2019-12468 CRITICAL PATCH Act Now

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Mediawiki Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13224 CRITICAL PATCH Act Now

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

PHP Denial Of Service Information Disclosure RCE Memory Corruption +5
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-12723 CRITICAL Act Now

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Fields
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-10122 CRITICAL Act Now

eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-10121 CRITICAL Act Now

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-10119 CRITICAL Act Now

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ccu3 Firmware Ccu2 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-0330 CRITICAL Act Now

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE SAP Diagnostics Agent
NVD
CVSS 3.1
9.1
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy