Skip to main content
CVE-2019-17571 CRITICAL PATCH GHSA Act Now

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8%.

Deserialization RCE Log4J Debian Linux Ubuntu Linux +14
NVD VulDB
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-19747 CRITICAL POC Act Now

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Neuvector
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-15913 CRITICAL POC Act Now

An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Dgnwg03Lm Firmware Zncz03Lm Firmware Mccgq01Lm Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-15911 CRITICAL POC Act Now

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hg100 Firmware Mw100 Firmware Ws 101 Firmware Ts 101 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-19919 CRITICAL PATCH Act Now

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Handlebars Js Tenable Sc
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2019-17440 CRITICAL Act Now

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy