Skip to main content
CVE-2019-3951 CRITICAL POC Act Now

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow RCE Webaccess
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16246 CRITICAL POC Act Now

Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Solismed
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-15936 CRITICAL POC Act Now

Intesync Solismed 3.3sp allows Insecure File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Solismed
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-15933 CRITICAL POC Act Now

Intesync Solismed 3.3sp has SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Solismed
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-15932 CRITICAL POC Act Now

Intesync Solismed 3.3sp has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Solismed
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-15931 CRITICAL POC Act Now

Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Solismed
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-19740 CRITICAL POC Act Now

Octeth Oempro 4.7 and 4.8 allow SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Oempro
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
5.8%
CVE-2019-18345 CRITICAL POC Act Now

A reflected XSS issue was discovered in DAViCal through 1.1.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Davical Debian Linux
NVD
CVSS 3.1
9.3
EPSS
2.2%
CVE-2019-18342 CRITICAL Act Now

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Center Server
NVD
CVSS 3.1
9.9
EPSS
2.1%
CVE-2019-16774 CRITICAL PATCH Act Now

In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Phpfastcache
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-18339 CRITICAL Act Now

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18337 CRITICAL Act Now

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18330 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18329 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18328 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18327 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18326 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18325 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18324 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18323 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18316 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18315 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18314 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-18313 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-18296 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18295 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18293 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18289 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18284 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-18283 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Sppa T3000 Application Server
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2019-19750 CRITICAL PATCH Act Now

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Msos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-2320 CRITICAL Act Now

Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +51
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10559 CRITICAL Act Now

Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8017 Firmware +35
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10511 CRITICAL Act Now

Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +52
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-10493 CRITICAL Act Now

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8053 Firmware Mdm9206 Firmware Mdm9207C Firmware +45
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-5093 CRITICAL Act Now

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Leadtools
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-5085 CRITICAL Act Now

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Leadtools
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-10694 CRITICAL Act Now

The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-18322 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2019-18321 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2019-13932 CRITICAL Act Now

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xhq
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy