Skip to main content

Control

5 CVEs product

Monthly

CVE-2023-25719 HIGH POC This Week

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Control
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-25718 CRITICAL Act Now

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Control
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-36763 HIGH This Week

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Control Control Rte Control Runtime System Toolkit +4
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33485 CRITICAL Act Now

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Control Control Rte Control Runtime System Toolkit +4
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2014-3857 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Control
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.6%
EPSS 1% CVSS 8.8
HIGH POC This Week

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Control
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Control
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Control +6
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Control +6
NVD VulDB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Control
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy