Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.92.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability classified as critical was found in Panabit Panalog 202103080942. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Download of Code Without Integrity Check vulnerability in Apache Doris. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
TOMP Bare Server implements the TompHTTP bare server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.