Skip to main content
CVE-2019-5029 CRITICAL POC THREAT Act Now

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exhibitor
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.1%
CVE-2019-18952 CRITICAL POC THREAT Act Now

SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Xfilesharing
NVD GitHub
CVSS 3.1
9.8
EPSS
45.4%
CVE-2019-16948 CRITICAL POC Act Now

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Web Chat
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-18839 CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Command Injection Fudforum
NVD GitHub
CVSS 3.1
9.0
EPSS
5.4%
CVE-2019-18240 CRITICAL Act Now

In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE V Server
NVD
CVSS 3.1
9.8
EPSS
14.0%
CVE-2019-2205 CRITICAL Act Now

In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Google +2
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-2204 CRITICAL Act Now

In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-2036 CRITICAL Act Now

In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy