Critical Vulnerabilities
@vulnalerts.bsky.social
Created by @hammslam.bsky.social
This was created to send CVEs (9.0 or higher) from the NVD and upload them here every day using the Bluesky API and NVD API.
built in admin account.
Base Score: 9.8
Severity: CRITICAL
March 21, 2025 at 11:00 AM
rent MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
Base Score: 9.8
Severity: CRITICAL
March 21, 2025 at 11:00 AM
.26.3 and 0.27.0.
Base Score: 9.6
Severity: CRITICAL
March 21, 2025 at 11:00 AM
er to create and delete objects even if none of these requirements are satisfied, i.e. even if there is no APIBinding in that workspace at all or the workspace owner has created an APIBinding, but rejected a permission claim. A fix for this issue has been identified and has been published with kcp 0
March 21, 2025 at 11:00 AM
leting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By design, this should only be allowed when the workspace owner decides to give access to an API provider by creating an APIBinding. With this vulnerability, it is possible for an attack
March 21, 2025 at 11:00 AM
ows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.
Base Score: 9.0
Severity: CRITICAL
March 21, 2025 at 11:00 AM
Score: 9.8
Severity: CRITICAL
March 21, 2025 at 11:00 AM
ticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Base
March 21, 2025 at 11:00 AM
h 6.0.

NOTE: The vendor was contacted and it was learned that the product is not supported.
Base Score: 9.8
Severity: CRITICAL
March 21, 2025 at 11:00 AM
tion Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.
Base Score: 9.0
Severity: CRITICAL
March 20, 2025 at 11:00 PM
Score: 9.8
Severity: CRITICAL
March 20, 2025 at 11:00 PM
ticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Base
March 20, 2025 at 11:00 PM
h 6.0.

NOTE: The vendor was contacted and it was learned that the product is not supported.
Base Score: 9.8
Severity: CRITICAL
March 20, 2025 at 11:00 PM
on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0.
Base Score: 10.0
Severity: CRITICAL
March 20, 2025 at 11:00 AM