Skip to main content
CVE-2019-14537 CRITICAL POC PATCH Act Now

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memory Corruption Yourls
NVD GitHub
CVSS 3.0
9.8
EPSS
6.1%
CVE-2019-14746 CRITICAL POC Act Now

A issue was discovered in KuaiFanCMS 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Kuaifancms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2019-1895 CRITICAL Act Now

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-5476 CRITICAL Act Now

An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nextcloud Lookup Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-1913 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Sf 220 24 Firmware Sf220 24P Firmware +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
25.9%
CVE-2019-1912 CRITICAL POC THREAT Act Now

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sf 220 24 Firmware Sf220 24P Firmware Sf220 48 Firmware +8
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
17.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy