Skip to main content
CVE-2019-8293 CRITICAL POC PATCH Act Now

Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Upload Image With Ajax
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-12568 CRITICAL PATCH Act Now

Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Open Tftp Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-12567 CRITICAL PATCH Act Now

Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Open Tftp Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-7489 CRITICAL Act Now

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Sonicwall Email Security Appliance
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2019-7488 CRITICAL Act Now

Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Email Security Appliance
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-3431 CRITICAL Act Now

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Goldendata Vap
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2019-18234 CRITICAL Act Now

Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Control Expert
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-11049 CRITICAL PATCH Act Now

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Microsoft Information Disclosure Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
4.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy