Skip to main content
CVE-2019-11062 CRITICAL POC Act Now

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Wmpro
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2019-13561 CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 655 Firmware
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2019-13560 CRITICAL POC Act Now

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 655 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13507 CRITICAL POC Act Now

hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Az Admin
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-7003 CRITICAL Act Now

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Control Manager
NVD
CVSS 3.1
10.0
EPSS
1.5%
CVE-2019-12751 CRITICAL Act Now

Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Message Gateway
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-10970 CRITICAL Act Now

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Panelview 5510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-12525 CRITICAL PATCH Act Now

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Squid Debian Linux Leap +2
NVD GitHub
CVSS 3.1
9.8
EPSS
24.4%
CVE-2019-10651 CRITICAL PATCH Act Now

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti RCE Endpoint Manager
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-12838 CRITICAL Act Now

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Slurm Debian Linux Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy