Skip to main content
CVE-2019-9569 CRITICAL POC Act Now

Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Entelibus Firmware
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2019-13020 CRITICAL Act Now

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Tightrope Media Carousel
NVD
CVSS 3.0
10.0
EPSS
1.1%
CVE-2019-15657 CRITICAL PATCH Act Now

In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Eslint Utils
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-15651 CRITICAL Act Now

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wolfssl
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2019-15497 CRITICAL Act Now

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icompel Firmware Net Top Box Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2019-8001 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7998 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7997 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7993 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7992 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2019-7990 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
8.3%
CVE-2019-7975 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7974 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7973 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7972 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7971 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7970 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7969 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Memory Corruption Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2019-7968 CRITICAL Act Now

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Adobe Photoshop Cc
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2019-15548 CRITICAL Act Now

An issue was discovered in the ncurses crate through 5.99.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ncurses
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15543 CRITICAL PATCH Act Now

An issue was discovered in the slice-deque crate before 0.2.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Slice Deque
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15533 CRITICAL PATCH Act Now

XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Xenfcoresharp
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15503 CRITICAL Act Now

cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Prontuscms
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-15558 CRITICAL PATCH Act Now

XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Xm Online 2 Common Utils And Endpoints
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15557 CRITICAL PATCH Act Now

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Xm Online 2 User Account And Authentication Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15555 CRITICAL PATCH Act Now

FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Wellness
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15560 CRITICAL PATCH Act Now

The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Reviews Module
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15559 CRITICAL PATCH Act Now

DianoxDragon Hawn before 2019-07-10 allows SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Hawn
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15574 CRITICAL PATCH Act Now

Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gesior Aac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15573 CRITICAL PATCH Act Now

Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gesior Aac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15572 CRITICAL PATCH Act Now

Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Gesior Aac
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15571 CRITICAL PATCH Act Now

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Clonos
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15570 CRITICAL PATCH Act Now

BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Bedita
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15569 CRITICAL PATCH Act Now

HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Java Ccd Data Store Api
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15568 CRITICAL PATCH Act Now

idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Idseq Web
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15567 CRITICAL PATCH Act Now

OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Arena
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15566 CRITICAL PATCH Act Now

The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Google Alfresco
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-15565 CRITICAL PATCH Act Now

The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Icommktconnector
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-15564 CRITICAL PATCH Act Now

The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Compassion Switzerland
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15563 CRITICAL PATCH Act Now

Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Webapi
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-15554 CRITICAL PATCH Act Now

An issue was discovered in the smallvec crate before 0.6.10 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Smallvec
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15552 CRITICAL PATCH Act Now

An issue was discovered in the libflate crate before 0.1.25 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Libflate
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-15551 CRITICAL PATCH Act Now

An issue was discovered in the smallvec crate before 0.6.10 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Smallvec
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-14307 CRITICAL Act Now

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Sp C250Sf Firmware Sp C252Sf Firmware +2
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-14305 CRITICAL Act Now

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Sp C250Sf Firmware Sp C252Sf Firmware +2
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2019-14300 CRITICAL Act Now

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Sp C250Sf Firmware Sp C252Sf Firmware +2
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-14308 CRITICAL Act Now

Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Sp C250Sf Firmware Sp C252Sf Firmware +2
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-15562 CRITICAL Act Now

GORM before 1.9.10 allows SQL injection via incomplete parentheses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gorm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-15561 CRITICAL PATCH Act Now

FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flashlingo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-15556 CRITICAL Act Now

Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Social Network
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy