Skip to main content
CVE-2019-9585 CRITICAL POC Act Now

eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-9584 CRITICAL POC Act Now

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-14527 CRITICAL POC Act Now

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Mr1100 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-15052 CRITICAL POC PATCH Act Now

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gradle
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-15027 CRITICAL POC Act Now

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mediatek Command Injection Mt8163 Firmware Mt6625 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-15058 CRITICAL POC Act Now

stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Stb
NVD GitHub
CVSS 3.0
9.1
EPSS
2.8%
CVE-2019-1226 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-1222 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-1213 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows Server 2008
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2019-1212 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows 7 +6
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2019-1205 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +1
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-1182 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2019-1181 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an unauthenticated attacker connects to the target system using RDP and sends. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
9.8
EPSS
75.2%
CVE-2019-12103 CRITICAL PATCH Act Now

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-0736 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +6
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-12262 CRITICAL Act Now

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios Garrettcom Magnum Dx940E Firmware Ruggedcom Win7000 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-11652 CRITICAL Act Now

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netiq Self Service Password Reset
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15025 CRITICAL Act Now

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Ninjaforms
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-0345 CRITICAL Act Now

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF SAP Netweaver Application Server Java
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-0344 CRITICAL KEV THREAT Act Now

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Deserialization Commerce Cloud
NVD
CVSS 3.1
9.8
EPSS
7.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy