Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-22 | CVE-2023-25589 | Unspecified vulnerability in Arubanetworks Clearpass Policy Manager: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. | 9.8 |
2023-03-22 | CVE-2023-27855 | Path Traversal vulnerability in Rockwellautomation Thinmanager: In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. | 9.8 |
2023-03-22 | CVE-2023-28725 | Unrestricted Upload of File with Dangerous Type vulnerability in Generalbytes Crypto Application Server 20230120: General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. | 9.1 |
2023-03-21 | CVE-2023-26497 | Out-of-bounds Write vulnerability in Samsung products: An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. | 9.8 |
2023-03-21 | CVE-2023-1529 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome: Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. | 9.8 |
2023-03-21 | CVE-2018-25082 | XXE vulnerability in Wechat SDK Python Project Wechat SDK Python: A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. | 9.8 |
2023-03-21 | CVE-2023-25684 | SQL Injection vulnerability in IBM Security KEY Lifecycle Manager: IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. | 9.8 |
2023-03-21 | CVE-2023-27569 | SQL Injection vulnerability in Prestashop EO Tags: The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | 9.8 |
2023-03-21 | CVE-2023-27570 | SQL Injection vulnerability in Prestashop EO Tags: The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | 9.8 |
2023-03-21 | CVE-2023-1153 | SQL Injection vulnerability in Pacsrapor: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22. | 9.8 |