Skip to main content
CVE-2019-16759 CRITICAL POC KEV THREAT Emergency

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Vbulletin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.7%
CVE-2019-16724 CRITICAL POC THREAT Emergency

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE File Sharing Wizard
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
72.2%
CVE-2019-5505 CRITICAL PATCH Act Now

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-5504 CRITICAL PATCH Act Now

ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ship with an HTTP service bound to the network allowing unauthenticated remote attackers to perform administrative actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-16411 CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-16748 CRITICAL Act Now

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-16746 CRITICAL PATCH Act Now

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Debian Linux Ubuntu Linux +2
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2019-16383 CRITICAL POC PATCH Act Now

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Authentication Bypass SQLi Microsoft Moveit Transfer
NVD Exploit-DB
CVSS 3.1
9.4
EPSS
5.2%
CVE-2019-16410 CRITICAL Act Now

An issue was discovered in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2019-15699 CRITICAL Act Now

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Suricata
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy