Skip to main content
CVE-2022-48328 CRITICAL POC PATCH Act Now

app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Misp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-48329 CRITICAL PATCH Act Now

MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23453 CRITICAL Act Now

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fx0 Gent00010 Firmware Fx0 Gent00000 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23452 CRITICAL Act Now

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fx0 Gpnt00000 Firmware Fx0 Gpnt00010 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25805 CRITICAL PATCH Act Now

versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Versionn
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-25613 CRITICAL PATCH Act Now

An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Kerby Ldap Backend
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-26093 CRITICAL PATCH Act Now

Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Liima
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26092 CRITICAL PATCH Act Now

Liima before 1.17.28 allows server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Liima
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy