Skip to main content
CVE-2019-18624 CRITICAL POC Act Now

Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Mini
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-10749 CRITICAL POC PATCH Act Now

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PostgreSQL Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-10748 CRITICAL POC PATCH Act Now

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-8287 CRITICAL Act Now

TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
19.5%
CVE-2019-18604 CRITICAL PATCH Act Now

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Axohelp C Axodraw2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-15683 CRITICAL PATCH Act Now

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Stack Overflow RCE Turbovnc
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2019-15679 CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-15678 CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2019-10211 CRITICAL Act Now

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection OpenSSL PostgreSQL Microsoft RCE
NVD
CVSS 3.1
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy