Skip to main content
CVE-2019-15940 CRITICAL POC Act Now

Victure PC530 devices allow unauthenticated TELNET access as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pc530 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-10431 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Jenkins RCE Script Security
NVD
CVSS 3.1
9.9
EPSS
2.7%
CVE-2019-17067 CRITICAL Act Now

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Putty
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-16943 CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Jackson Databind Debian Linux Fedora Jboss Enterprise Application Platform +22
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-16942 CRITICAL PATCH Act Now

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Debian Linux Fedora +25
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2019-10202 CRITICAL Act Now

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jboss Enterprise Application Platform
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-15039 CRITICAL POC THREAT Act Now

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy