Skip to main content
CVE-2019-10892 CRITICAL POC Act Now

An issue was discovered in D-Link DIR-806 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 806 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-10891 CRITICAL POC THREAT Act Now

An issue was discovered in D-Link DIR-806 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2019-15102 CRITICAL POC Act Now

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Sahi Pro
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2019-9855 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Libreoffice Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-16060 CRITICAL PATCH Act Now

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Airbrake Ruby
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-11926 CRITICAL PATCH Act Now

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input.30.9, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-11925 CRITICAL PATCH Act Now

Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input.30.9, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Hhvm
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-13656 CRITICAL Act Now

An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Ca Client Automation Ca Workload Automation Ae
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2019-14813 CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
9.8
EPSS
11.4%
CVE-2019-15846 CRITICAL Act Now

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Exim Debian Linux
NVD
CVSS 3.0
9.8
EPSS
35.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy