Skip to main content
CVE-2019-16199 CRITICAL POC THREAT Act Now

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu2 Firmware Homematic Ccu3 Firmware
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2019-6840 CRITICAL Act Now

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-16378 CRITICAL PATCH Act Now

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opendmarc Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16239 CRITICAL Act Now

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openconnect Fedora Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-15131 CRITICAL Act Now

In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Code42
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-6837 CRITICAL Act Now

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Meg6501 0001 Firmware Meg6501 0002 Firmware Meg6260 0410 Firmware Meg6260 0415 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy