Skip to main content
CVE-2019-16881 CRITICAL POC PATCH Act Now

An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Portaudio Rs
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16880 CRITICAL POC PATCH Act Now

An issue was discovered in the linea crate through 0.9.4 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linea
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-16868 CRITICAL POC Act Now

emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-10418 CRITICAL Act Now

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Kubernetes Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2019-10417 CRITICAL Act Now

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Kubernetes Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2019-15941 CRITICAL Act Now

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lemonldap Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-15069 CRITICAL Act Now

An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Battery A4 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-15068 CRITICAL Act Now

A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Battery A4 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-15067 CRITICAL Act Now

An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Battery A2 25De Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-12204 CRITICAL PATCH Act Now

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Silverstripe
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16194 CRITICAL PATCH Act Now

SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy