Skip to main content
CVE-2019-16894 CRITICAL POC Act Now

download.php in inoERP 4.15 allows SQL injection through insecure deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deserialization PHP Inoerp
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-16915 CRITICAL PATCH Act Now

An issue was discovered in pfSense through 2.4.4-p3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Path Traversal Pfsense
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-16755 CRITICAL Act Now

BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Myit Digital Workplace
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-10082 CRITICAL PATCH Act Now

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Apache Memory Corruption Http Server +4
NVD
CVSS 3.1
9.1
EPSS
16.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy