Skip to main content
CVE-2019-16644 CRITICAL POC Act Now

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-16642 CRITICAL POC Act Now

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-15088 CRITICAL PATCH Act Now

An issue was discovered in PRiSE adAS 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adas
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-5521 CRITICAL Act Now

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Information Disclosure Fusion Workstation +1
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2019-6650 CRITICAL Act Now

F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-6649 CRITICAL Act Now

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Application Security Manager Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-14914 CRITICAL Act Now

An issue was discovered in PRiSE adAS 1.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Adas
NVD
CVSS 3.1
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy