Skip to main content
CVE-2019-9535 CRITICAL POC Act Now

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Iterm2
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-17124 CRITICAL POC THREAT Act Now

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Viaware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
22.5%
CVE-2019-15859 CRITICAL POC THREAT Act Now

Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Diris A 40 Firmware
NVD
CVSS 3.1
9.8
EPSS
34.1%
CVE-2019-17382 CRITICAL POC THREAT Act Now

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix Authentication Bypass PHP
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
54.1%
CVE-2019-17362 CRITICAL POC PATCH Act Now

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Information Disclosure Libtomcrypt Debian Linux
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
3.2%
CVE-2019-17415 CRITICAL Act Now

A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE File Sharing Wizard
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-1584 CRITICAL Act Now

A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Inspector
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-15020 CRITICAL Act Now

A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Inspector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-15019 CRITICAL Act Now

A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inspector
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17399 CRITICAL Act Now

The Shack Forms Pro extension before 4.0.32 for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Shack Forms Pro
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-17383 CRITICAL PATCH Act Now

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Netaddr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-17373 CRITICAL Act Now

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mbr1515 Firmware Mbr1516 Firmware Dgn2200 Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17354 CRITICAL Act Now

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Nbg 418N V2 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy