VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Critical
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2023-02-01
CVE-2023-0587
Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE
A file upload vulnerability in exists in Trend Micro Apex One server build 11110.
network
low complexity
trendmicro
CWE-434
critical
9.1
9.1
2023-02-01
CVE-2022-47770
SQL Injection vulnerability in Serinf Fast Checkin 1.0
Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.
network
low complexity
serinf
CWE-89
critical
9.8
9.8
2023-02-01
CVE-2023-24241
SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.
network
low complexity
forget-heart-message-box-project
CWE-89
critical
9.8
9.8
2023-01-31
CVE-2022-24963
Integer Overflow or Wraparound vulnerability in Apache Portable Runtime 1.7.0
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
network
low complexity
apache
CWE-190
critical
9.8
9.8
2023-01-31
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
network
low complexity
CWE-190
critical
9.8
9.8
2023-01-31
CVE-2022-47035
Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.
network
low complexity
CWE-120
critical
9.8
9.8
2023-01-31
CVE-2022-47780
SQL Injection vulnerability in Bangresto Project Bangresto 1.0
SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.
network
low complexity
bangresto-project
CWE-89
critical
9.8
9.8
2023-01-31
CVE-2023-24162
Deserialization of Untrusted Data vulnerability in Hutool 5.8.11
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
network
low complexity
hutool
CWE-502
critical
9.8
9.8
2023-01-31
CVE-2023-24163
SQL Injection vulnerability in Hutool 5.8.11
SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine.
network
low complexity
hutool
CWE-89
critical
9.8
9.8
2023-01-31
CVE-2022-39060
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation.
network
low complexity
CWE-20
critical
9.8
9.8
«
1
(current)
2
3
4
5
...
2178
2179
»
Next