Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-0587 Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE
A file upload vulnerability exists in Trend Micro Apex One server build 11110.
network
low complexity
trendmicro CWE-434
critical
9.1
2023-02-01 CVE-2022-47770 SQL Injection vulnerability in Serinf Fast Checkin 1.0
Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.
network
low complexity
serinf CWE-89
critical
9.8
2023-02-01 CVE-2023-24241 SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
network
low complexity
forget-heart-message-box-project CWE-89
critical
9.8
2023-01-31 CVE-2022-24963 Integer Overflow or Wraparound vulnerability in Apache Portable Runtime 1.7.0
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
network
low complexity
apache CWE-190
critical
9.8
2023-01-31 CVE-2022-25147 Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
network
low complexity
CWE-190
critical
9.8
2023-01-31 CVE-2022-47035 Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
network
low complexity
CWE-120
critical
9.8
2023-01-31 CVE-2022-47780 SQL Injection vulnerability in Bangresto Project Bangresto 1.0
SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.
network
low complexity
bangresto-project CWE-89
critical
9.8
2023-01-31 CVE-2023-24162 Deserialization of Untrusted Data vulnerability in Hutool 5.8.11
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
network
low complexity
hutool CWE-502
critical
9.8
2023-01-31 CVE-2023-24163 SQL Injection vulnerability in Hutool 5.8.11
SQL Injection vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.
network
low complexity
hutool CWE-89
critical
9.8
2023-01-31 CVE-2022-39060 ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation.
network
low complexity
CWE-20
critical
9.8