Skip to main content
CVE-2019-16192 CRITICAL POC Act Now

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doccms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-6960 CRITICAL POC Act Now

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-16190 CRITICAL POC Act Now

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 868l Firmware Dir 885L Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-16114 CRITICAL POC PATCH Act Now

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass RCE PHP Atutor
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-10665 CRITICAL POC Act Now

An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Denial Of Service Librenms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16125 CRITICAL POC Act Now

In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Jobberbase
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-16124 CRITICAL POC PATCH THREAT Act Now

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Youphptube
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
27.6%
CVE-2019-10668 CRITICAL POC PATCH Act Now

An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Librenms
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2019-16184 CRITICAL PATCH Act Now

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Limesurvey
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-12405 CRITICAL PATCH Act Now

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Traffic Control
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-16143 CRITICAL PATCH Act Now

An issue was discovered in the blake2 crate before 0.8.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Blake2 Rust
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-16142 CRITICAL PATCH Act Now

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Renderdocs Rs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-16140 CRITICAL PATCH Act Now

An issue was discovered in the chttp crate before 0.1.3 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Isahc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-16139 CRITICAL PATCH Act Now

An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Compact Arena
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-16138 CRITICAL PATCH Act Now

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Image
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy