Skip to main content
CVE-2019-14809 CRITICAL POC PATCH Act Now

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Go Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
8.4%
CVE-2019-14985 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.0
9.8
EPSS
11.3%
CVE-2019-12479 CRITICAL POC Act Now

An issue was discovered in 20|20 Storage 2.11.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Twentytwenty Storage
NVD
CVSS 3.0
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy