Skip to main content
CVE-2022-47003 CRITICAL POC PATCH Act Now

A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Mura Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-47769 CRITICAL POC Act Now

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fast Checkin
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-47770 CRITICAL POC Act Now

Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fast Checkin
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24241 CRITICAL POC Act Now

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Forget Heart Message Box
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23924 CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Dompdf
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-23076 CRITICAL Act Now

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Manageengine Supportcenter Plus
NVD
CVSS 3.1
9.8
EPSS
74.3%
CVE-2023-24997 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-23928 CRITICAL PATCH Act Now

reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Jwt Attack Reason Jose
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22501 CRITICAL Act Now

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Service Management
NVD
CVSS 3.1
9.1
EPSS
16.0%
CVE-2023-0587 CRITICAL Act Now

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Trend Micro Apex One
NVD
CVSS 3.1
9.1
EPSS
59.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy