This external control of file name or path vulnerability allows remote attackers to access or modify system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This external control of file name or path vulnerability allows remote attackers to access or modify system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This improper link resolution vulnerability allows remote attackers to access system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.