Skip to main content
CVE-2019-13116 CRITICAL POC PATCH Act Now

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Apache Deserialization Mule Runtime
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2019-17662 CRITICAL POC THREAT Act Now

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Thinvnc
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
96.8%
CVE-2019-17626 CRITICAL POC PATCH THREAT Act Now

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Reportlab
NVD
CVSS 3.1
9.8
EPSS
10.2%
CVE-2019-17512 CRITICAL POC Act Now

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 412 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2019-3025 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Oracle Hospitality Res 3700
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
14.5%
CVE-2019-17625 CRITICAL POC MAL Act Now

There is a stored XSS in Rambox 0.6.9 that can lead to code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Node.js XSS Command Injection Rambox
NVD GitHub
CVSS 3.1
9.0
EPSS
3.0%
CVE-2019-10458 CRITICAL Act Now

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Puppet Enterprise Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.9%
CVE-2019-16700 CRITICAL PATCH Act Now

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service File Upload RCE Slub Events
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16699 CRITICAL PATCH Act Now

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sr Freecap
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-15260 CRITICAL Act Now

A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Aironet 1540 Firmware Aironet 1560 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-2904 CRITICAL PATCH Act Now

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Application Testing Suite Banking Enterprise Collections Banking Enterprise Originations +19
NVD
CVSS 3.1
9.8
EPSS
14.3%
CVE-2019-6334 CRITICAL Act Now

HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers have a solution to check application signature that may allow potential execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP RCE Futuresmart 3 Futuresmart 4
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-3020 CRITICAL PATCH Act Now

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
9.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy