Skip to main content
CVE-2019-12518 CRITICAL POC THREAT Emergency

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Crosschex
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
50.7%
CVE-2019-19492 CRITICAL POC THREAT Emergency

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.0%
CVE-2019-19021 CRITICAL POC Act Now

An issue was discovered in TitanHQ WebTitan before 5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webtitan
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-19015 CRITICAL POC Act Now

An issue was discovered in TitanHQ WebTitan before 5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL Information Disclosure Webtitan
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-19245 CRITICAL POC Act Now

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xinet Elegant 6 Asset Library
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.9%
CVE-2019-12503 CRITICAL Act Now

Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bcst 60 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-12394 CRITICAL Act Now

Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Management System
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-12392 CRITICAL Act Now

Anviz access control devices allow remote attackers to issue commands without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anviz Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-19502 CRITICAL PATCH Act Now

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection PHP RCE Image Uploader And Browser For Ckeditor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-15631 CRITICAL Act Now

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Api Gateway Mule Runtime
NVD
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy