Skip to main content
CVE-2023-20198 CRITICAL POC KEV THREAT Emergency

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Information Disclosure Allen Bradley Stratix 5200 Firmware Allen Bradley Stratix 5800 Firmware +1
NVD GitHub
CVSS 3.1
10.0
EPSS
99.6%
CVE-2023-40852 CRITICAL POC Act Now

SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi User Registration Login And User Management System With Admin Panel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4666 CRITICAL POC Act Now

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Form Maker
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-45984 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45580 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45579 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45578 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45577 CRITICAL POC Act Now

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45576 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45575 CRITICAL POC Act Now

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45574 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-45573 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-45572 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-44809 CRITICAL POC Act Now

D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44808 CRITICAL POC Act Now

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36955 CRITICAL POC Act Now

TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36954 CRITICAL POC Act Now

TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-36953 CRITICAL POC Act Now

TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-36950 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36952 CRITICAL POC Act Now

TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36947 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36340 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45685 CRITICAL POC Act Now

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Titan Mft Server Titan Sftp Server
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-4776 HIGH POC This Week

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wpschoolpress
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4643 HIGH POC This Week

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Enable Media Replace
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-45687 HIGH POC This Week

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Session Fixation Microsoft Titan Mft Server Titan Sftp Server
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4827 HIGH POC This Week

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Filester
NVD WPScan
CVSS 3.1
8.8
EPSS
6.8%
CVE-2023-42459 HIGH POC PATCH This Week

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5133 HIGH POC This Week

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress User Activity Log
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5003 HIGH POC THREAT This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
25.9%
CVE-2023-3154 HIGH POC This Week

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization Nextgen Gallery
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45985 HIGH POC This Week

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4971 HIGH POC This Week

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Weaver Xtreme Theme Support
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-4861 HIGH POC This Week

The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Filester
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-4691 HIGH POC This Week

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Bookly
NVD WPScan
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-3155 HIGH POC This Week

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Nextgen Gallery
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-45686 HIGH POC This Week

Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Mfp Server
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-3392 HIGH POC This Week

The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Read More Accordion
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-45540 MEDIUM POC This Month

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Leave Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-45689 MEDIUM POC This Month

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Titan Mft Server Titan Sftp Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-40791 MEDIUM POC PATCH This Month

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. Rated medium severity (CVSS 6.3). Public exploit code available.

Information Disclosure Linux Linux Kernel H300s Firmware H500s Firmware +2
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-45542 MEDIUM POC This Month

Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-4950 MEDIUM POC This Month

The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Funnelforms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4819 MEDIUM POC This Month

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Shared Files
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4687 MEDIUM POC This Month

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Pagelayer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4290 MEDIUM POC This Month

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Matterport Shortcode
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4620 MEDIUM POC This Month

The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Booking Calendar
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43119 CRITICAL Act Now

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Authentication Bypass Exos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3991 CRITICAL Act Now

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Freshtomato
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-43668 CRITICAL PATCH Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Inlong
NVD
CVSS 3.1
9.8
EPSS
1.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy