Skip to main content
CVE-2019-19683 CRITICAL POC Act Now

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nopcommerce
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2019-4621 CRITICAL Act Now

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-19230 CRITICAL PATCH Act Now

An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Nolio
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2019-19646 CRITICAL PATCH Act Now

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sqlite Sinec Infrastructure Network Services Tenable Sc Mysql Workbench +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-18190 CRITICAL Act Now

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Trend Micro RCE Antivirus Security 2020 +3
NVD
CVSS 3.1
9.8
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy