Skip to main content
CVE-2022-48328 CRITICAL POC PATCH Act Now

app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Misp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26081 HIGH POC PATCH This Week

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Epiphany Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-48329 CRITICAL PATCH Act Now

MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23453 CRITICAL Act Now

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fx0 Gent00010 Firmware Fx0 Gent00000 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23452 CRITICAL Act Now

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fx0 Gpnt00000 Firmware Fx0 Gpnt00010 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25805 CRITICAL PATCH Act Now

versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Versionn
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-25613 CRITICAL PATCH Act Now

An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Kerby Ldap Backend
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-26093 CRITICAL PATCH Act Now

Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Liima
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26092 CRITICAL PATCH Act Now

Liima before 1.17.28 allows server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Liima
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25656 HIGH PATCH This Week

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Notation Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25570 HIGH PATCH This Week

Apollo is a configuration management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Apollo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-24998 HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service Commons Fileupload Debian Linux
NVD
CVSS 3.1
7.5
EPSS
46.8%
CVE-2023-25569 MEDIUM PATCH This Month

Apollo is a configuration management system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apollo
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy