Skip to main content
CVE-2019-13640 CRITICAL POC Act Now

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Qbittorrent
NVD GitHub
CVSS 3.0
9.8
EPSS
7.9%
CVE-2019-1010263 CRITICAL POC PATCH Act Now

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-13577 CRITICAL POC THREAT Act Now

SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Maple Computer Wbt Snmp Administrator
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.4%
CVE-2019-13585 CRITICAL POC THREAT Act Now

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Robotics Virtual Robot Controller
NVD
CVSS 3.1
9.8
EPSS
14.7%
CVE-2019-13614 CRITICAL POC Act Now

CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link RCE Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13613 CRITICAL POC Act Now

CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link RCE Memory Corruption +1
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13625 CRITICAL POC Act Now

NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Ghidra
NVD GitHub
CVSS 3.0
9.1
EPSS
2.4%
CVE-2019-1917 CRITICAL Act Now

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Vision Dynamic Signage Director
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2019-11772 CRITICAL Act Now

In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Buffer Overflow Memory Corruption Openj9
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-1010275 CRITICAL PATCH Act Now

helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Helm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-13447 CRITICAL Act Now

An issue was discovered in Sertek Xpare 3.67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Xpare
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11535 CRITICAL Act Now

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Command Injection Re6400 Firmware Re6300 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-13573 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-9848 CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Libreoffice Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2019-13624 CRITICAL PATCH Act Now

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Onos
NVD
CVSS 3.0
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy