Skip to main content
CVE-2019-10750 CRITICAL POC PATCH Act Now

deeply is vulnerable to Prototype Pollution in versions before 3.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deeply
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-10747 CRITICAL POC PATCH Act Now

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Set Value
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-10746 CRITICAL POC PATCH Act Now

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mixin Deep Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-6695 CRITICAL Act Now

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortimanager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-6698 CRITICAL Act Now

Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortirecorder Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-1581 CRITICAL Act Now

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto RCE Command Injection Pan Os
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-1580 CRITICAL Act Now

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Buffer Overflow Memory Corruption Pan Os
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2019-15537 CRITICAL PATCH Act Now

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Proxystatistics
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15536 CRITICAL PATCH Act Now

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Acclaim
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15535 CRITICAL PATCH Act Now

Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Tasking Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15519 CRITICAL PATCH Act Now

Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Power Response
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-15494 CRITICAL Act Now

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Openitcockpit
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15490 CRITICAL Act Now

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Openitcockpit
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-15505 CRITICAL PATCH Act Now

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-15504 CRITICAL Act Now

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy