Skip to main content
CVE-2019-19781 CRITICAL POC KEV THREAT Emergency

Citrix Application Delivery Controller and Gateway contain a directory traversal vulnerability allowing unauthenticated remote code execution, known as 'Shitrix', that triggered a global exploitation crisis in January 2020.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2019-20049 CRITICAL POC THREAT Act Now

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal RCE Omnivista 4760
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-20041 CRITICAL PATCH Act Now

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP WordPress Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy