Skip to main content
CVE-2019-13598 CRITICAL POC Act Now

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vera Edge Firmware
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2019-13597 CRITICAL POC THREAT Act Now

_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sahi Pro
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.3%
CVE-2019-13589 CRITICAL POC Act Now

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Paranoid2
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy