Skip to main content
CVE-2019-18935 CRITICAL POC KEV PATCH THREAT Act Now

Progress Telerik UI for ASP.NET AJAX contains a .NET deserialization vulnerability in RadAsyncUpload that allows unauthenticated remote code execution when encryption keys are known, exploited by APT groups and ransomware operators.

NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
93.6%
Threat
9.8
CVE-2019-3989 CRITICAL POC Act Now

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Blink Xt2 Sync Module Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-19725 CRITICAL POC Act Now

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sysstat Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-19374 CRITICAL POC Act Now

An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal Information Disclosure Matrix
NVD
CVSS 3.1
9.1
EPSS
3.4%
CVE-2019-0403 CRITICAL Act Now

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Command Injection Enable Now
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-19649 CRITICAL Act Now

Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Zoho Manageengine Applications Manager
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2019-18960 CRITICAL Act Now

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Firecracker
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy