BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Bluecms
NVD
GitHub
CVSS 3.0
9.8
EPSS
1.5%
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
Jmeter
NVD
CVSS 3.0
9.8
EPSS
2.7%