Skip to main content
CVE-2019-12719 CRITICAL POC Act Now

An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sunveillance Monitoring System Data Recorder
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-18655 CRITICAL POC THREAT Act Now

File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption File Sharing Wizard
NVD GitHub
CVSS 3.1
9.8
EPSS
14.7%
CVE-2019-18873 CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Command Injection Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
8.2%
CVE-2019-1384 CRITICAL PATCH Act Now

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
9.9
EPSS
6.1%
CVE-2019-6188 CRITICAL Act Now

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo 510 15Ikl Firmware 510S 08Ikl Firmware Ideacentre 300 20Ish Firmware +389
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-1449 CRITICAL PATCH Act Now

A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Office Office 365 Proplus
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2019-1373 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft RCE Deserialization Exchange Server
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2019-18925 CRITICAL Act Now

Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iris Webforms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-18658 CRITICAL PATCH Act Now

In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Helm
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-17330 CRITICAL Act Now

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ebx
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2019-0721 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.1
EPSS
10.3%
CVE-2019-0719 CRITICAL PATCH Act Now

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
9.1
EPSS
10.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy