Skip to main content
CVE-2019-13598 CRITICAL POC Act Now

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vera Edge Firmware
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-13597 CRITICAL POC THREAT Act Now

_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sahi Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.3%
CVE-2019-13589 CRITICAL POC Act Now

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Paranoid2
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-13590 MEDIUM POC This Month

An issue was discovered in libsox.a in SoX 14.4.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Sound Exchange
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-13594 HIGH PATCH This Week

In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Saleor
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-13602 HIGH This Week

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Buffer Overflow Vlc Media Player Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy