Skip to main content
CVE-2019-1937 CRITICAL POC THREAT Emergency

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
75.9%
CVE-2019-1935 CRITICAL POC THREAT Emergency

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
83.4%
CVE-2019-10687 CRITICAL POC Act Now

KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Kbpublisher
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-15074 CRITICAL POC PATCH Act Now

The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE PHP Mantisbt
NVD GitHub
CVSS 3.0
9.6
EPSS
2.1%
CVE-2019-6177 CRITICAL Act Now

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Information Disclosure Solution Center
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-1974 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Integrated Management Controller Supervisor Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2019-1938 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ucs Director Ucs Director Express For Big Data
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2019-15111 CRITICAL Act Now

The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wp Front End Profile
NVD
CVSS 3.0
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy