Skip to main content
CVE-2019-13962 CRITICAL POC Act Now

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player Backports Sle Leap +2
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-13956 CRITICAL POC Act Now

Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Discuz Ml
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-13952 CRITICAL POC Act Now

The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gdnsd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-13951 CRITICAL POC Act Now

The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gdnsd
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-1010268 CRITICAL POC PATCH Act Now

Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Information Disclosure Ladon
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.7%
CVE-2019-1010259 CRITICAL POC PATCH Act Now

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Salt 2018 Salt 2019
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-7850 CRITICAL Act Now

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Campaign
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2019-1010248 CRITICAL Act Now

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi I Doit
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-3570 CRITICAL PATCH Act Now

Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Buffer Overflow Heap Overflow Information Disclosure Hiphop Virtual Machine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-1010104 CRITICAL Act Now

TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Quick Chat
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13575 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress PHP Everest Forms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy