Skip to main content
CVE-2019-3975 CRITICAL POC Act Now

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Webaccess
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-15896 CRITICAL POC Act Now

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP WordPress Privilege Escalation Authentication Bypass +1
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2019-10256 CRITICAL Act Now

An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Camera
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-14457 CRITICAL Act Now

VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Camera
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-11495 CRITICAL Act Now

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-11496 CRITICAL Act Now

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
9.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy