Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
network
low complexity
critical
 9.8
9.8
2023-05-26 CVE-2021-46887 Unspecified vulnerability in Huawei Emui 10.1.0/10.1.1/11.0.0
Lack of length check vulnerability in the HW_KEYMASTER module.
network
low complexity
huawei
critical
 9.8
9.8
2023-05-26 CVE-2022-48478 Unspecified vulnerability in Huawei Harmonyos 2.0
The facial recognition TA of some products lacks memory length verification.
network
low complexity
huawei
critical
 9.8
9.8
2023-05-26 CVE-2022-48479 Out-of-bounds Read vulnerability in Huawei Harmonyos 2.0
The facial recognition TA of some products has the out-of-bounds memory read vulnerability.
network
low complexity
huawei CWE-125
critical
 9.8
9.8
2023-05-25 CVE-2023-2851 ** UNSUPPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.
network
low complexity
CWE-89
critical
 10.0
10
2023-05-25 CVE-2023-2882 Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
network
low complexity
critical
 9.8
9.8
2023-05-25 CVE-2023-2884 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
network
low complexity
CWE-338
critical
 9.8
9.8
2023-05-25 CVE-2023-2887 Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
network
low complexity
CWE-290
critical
 9.1
9.1
2023-05-25 CVE-2023-2734 Unspecified vulnerability in Inspireui Mstore API
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1.
network
low complexity
inspireui
critical
 9.8
9.8
2023-05-24 CVE-2023-33796 Unspecified vulnerability in Netbox Project Netbox 3.5.1
** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database.
network
low complexity
netbox-project
critical
 9.1
9.1