Skip to main content
CVE-2019-7163 CRITICAL POC Act Now

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Alcatel Linkzone Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-14532 CRITICAL POC Act Now

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure The Sleuth Kit Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-14531 CRITICAL POC Act Now

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure The Sleuth Kit
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-14544 CRITICAL PATCH Act Now

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Gogs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9141 CRITICAL Act Now

ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zoneplayer
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-14529 CRITICAL Act Now

OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.1
9.8
EPSS
28.1%
CVE-2019-10938 CRITICAL PATCH Act Now

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Siemens RCE Siprotec 5 Digsi Device Driver
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy