Skip to main content
CVE-2019-17621 CRITICAL POC KEV PATCH THREAT Act Now

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

D-Link Command Injection Dir 859 Firmware Dir 822 Firmware Dir 823 Firmware +11
NVD
CVSS 3.1
9.8
EPSS
89.6%
CVE-2019-13445 CRITICAL POC PATCH Act Now

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ros Comm
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-10774 CRITICAL POC PATCH Act Now

php-shellcommand versions before 1.6.1 have a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Php Shellcommand
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2019-19735 CRITICAL POC Act Now

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Yetishare
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2019-16535 CRITICAL Act Now

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Clickhouse
NVD
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy