Skip to main content
CVE-2019-18418 CRITICAL POC Act Now

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Session Fixation Information Disclosure Clonos
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2019-18413 CRITICAL POC PATCH Act Now

In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Typestack Class Validator
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-18200 CRITICAL POC Act Now

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Lx390 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-13652 CRITICAL POC Act Now

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-13651 CRITICAL POC Act Now

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-13650 CRITICAL POC Act Now

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-13649 CRITICAL POC Act Now

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-18394 CRITICAL POC PATCH THREAT Act Now

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Openfire
NVD GitHub
CVSS 3.1
9.8
EPSS
32.3%
CVE-2019-15929 CRITICAL PATCH Act Now

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Craft Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-13653 CRITICAL Act Now

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-12017 CRITICAL Act Now

A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Mapr
NVD
CVSS 3.1
9.8
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy