Skip to main content
CVE-2019-16278 CRITICAL POC KEV THREAT Emergency

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Nostromo Nhttpd
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.1%
CVE-2019-12941 CRITICAL POC Act Now

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wi Fi Nb Firmware 4G Lte Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-17553 CRITICAL POC Act Now

An issue was discovered in MetInfo v7.0.0 beta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Metinfo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17552 CRITICAL POC Act Now

An issue was discovered in idreamsoft iCMS v7.0.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-17408 CRITICAL POC Act Now

parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Zzzphp
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-17574 CRITICAL POC Act Now

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Popup Maker
NVD GitHub
CVSS 3.1
9.1
EPSS
9.3%
CVE-2019-17580 CRITICAL Act Now

tonyy dormsystem through 1.3 allows SQL Injection in admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Dormsystem
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-17545 CRITICAL PATCH Act Now

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gdal Spatial And Graph Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-17542 CRITICAL PATCH Act Now

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Ffmpeg Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-17539 CRITICAL PATCH Act Now

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ffmpeg Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-17544 CRITICAL PATCH Act Now

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Aspell Ubuntu Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy