Skip to main content
CVE-2019-14754 CRITICAL POC Act Now

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Open School
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-14255 CRITICAL POC Act Now

A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Go Camo
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-13101 CRITICAL POC THREAT Act Now

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 600M Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
67.1%
CVE-2019-11208 CRITICAL Act Now

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Api Exchange Gateway
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2019-1971 CRITICAL Act Now

A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Network Function Virtualization Infrastructure
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-14771 CRITICAL Act Now

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Backdrop Cms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-12994 CRITICAL Act Now

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
9.1
EPSS
4.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy