Skip to main content
CVE-2019-5067 CRITICAL POC Act Now

An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free RCE Memory Corruption Aspose Pdf For C
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-5066 CRITICAL POC Act Now

An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Aspose Pdf For C
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-14254 CRITICAL POC Act Now

An issue was discovered in the secure portal in Publisure 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Publisure
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16399 CRITICAL POC Act Now

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wd My Book Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-11210 CRITICAL Act Now

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Runtime For R Spotfire Analytics Platform For Aws
NVD
CVSS 3.1
10.0
EPSS
3.7%
CVE-2019-11211 CRITICAL Act Now

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Enterprise Runtime For R Spotfire Analytics Platform For Aws
NVD
CVSS 3.1
9.9
EPSS
3.7%
CVE-2019-3758 CRITICAL Act Now

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13558 CRITICAL Act Now

In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-15301 CRITICAL Act Now

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bpm Online Crm System Sdk
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-13550 CRITICAL Act Now

In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-9677 CRITICAL PATCH Act Now

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Dahua Ipc Hdw1X2X Firmware Ipc Hfw1X2X Firmware Ipc Hdw2X2X Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy