Skip to main content
CVE-2019-11031 CRITICAL Act Now

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mirasys Vms
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-11030 CRITICAL Act Now

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mirasys Vms
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-15322 CRITICAL Act Now

The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Shortcode Factory
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-15321 CRITICAL Act Now

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15320 CRITICAL Act Now

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15319 CRITICAL Act Now

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15318 CRITICAL Act Now

The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Easy Forms For Mailchimp
NVD
CVSS 3.0
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy