Skip to main content
CVE-2019-15741 CRITICAL POC Act Now

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gitlab Omnibus
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-16366 CRITICAL POC Act Now

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Moddable Xs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-16264 CRITICAL POC Act Now

In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sistema Integrado De Gestion Academica
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16057 CRITICAL POC KEV THREAT Act Now

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware
NVD
CVSS 3.1
9.8
EPSS
87.2%
CVE-2019-13474 CRITICAL POC Act Now

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bobs Rock Radio Firmware Dabman D10 Firmware Dabman I30 Stereo Firmware Imperial I110 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-5481 CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora Cloud Backup Steelstore +8
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-10071 CRITICAL PATCH Act Now

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Tapestry
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2019-0195 CRITICAL PATCH Act Now

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Tapestry
NVD
CVSS 3.1
9.8
EPSS
14.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy