Skip to main content
CVE-2019-17495 CRITICAL POC PATCH Act Now

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Swagger Ui Banking Apis Banking Digital Experience Banking Platform +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2019-11526 CRITICAL POC Act Now

An issue was discovered in Softing uaGate SI 1.60.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Uagate Si Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-17455 CRITICAL POC Act Now

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libntlm Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-17429 CRITICAL POC Act Now

Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Adhouma Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-1372 CRITICAL PATCH Act Now

An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Azure App Service On Azure Stack
NVD
CVSS 3.1
10.0
EPSS
17.8%
CVE-2019-1365 CRITICAL PATCH Act Now

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
4.1%
CVE-2019-9533 CRITICAL Act Now

The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Explorer 710 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-9531 CRITICAL Act Now

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Explorer 710 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-17320 CRITICAL Act Now

NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Xftp
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-17072 CRITICAL Act Now

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress PHP Contact Form Widget
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-17426 CRITICAL PATCH Act Now

Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mongoose
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy