Skip to main content
CVE-2019-18633 CRITICAL POC Act Now

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eidas Node Integration Package
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-18632 CRITICAL POC Act Now

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eidas Node Integration Package
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-10762 CRITICAL PATCH Act Now

columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Medoo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy