Skip to main content
CVE-2019-19576 CRITICAL POC PATCH THREAT Act Now

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

File Upload PHP Verot K2
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
26.2%
Threat
4.2
CVE-2019-19228 CRITICAL POC Act Now

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Datamanager Box 2 0 Firmware Eco 25 0 3 S Firmware Eco 27 0 3 S Firmware Galvo 1 5 1 Firmware +62
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-17556 CRITICAL PATCH Act Now

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Olingo
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-11940 CRITICAL PATCH Act Now

In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Proxygen
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-11936 CRITICAL PATCH Act Now

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-11935 CRITICAL PATCH Act Now

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-11934 CRITICAL PATCH Act Now

Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket.11.04.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Folly
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-11930 CRITICAL PATCH Act Now

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy