All CosmicBytez Labs articles tagged #CVSS 9.1, across news, security advisories, how-to guides, and projects.
A critical path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and earlier allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially achieving remote code execution.
A critical missing authorization vulnerability (CVSS 9.1) in Red Hat's migration-planner allows any authenticated user to send a DELETE request to...
A CVSS 9.1 critical flaw in MLflow AI Gateway allows server-side environment variables in api_key fields to be resolved and exfiltrated to attacker-controlled…
A critical SQL injection vulnerability (CVSS 9.1) in OTRS and ((OTRS)) Community Edition allows unauthenticated attackers to bypass authentication entirely…
A critical CVSS 9.1 access control flaw in the WP Travel Pro WordPress plugin allows unauthenticated attackers to delete any user account — including...
A CVSS 9.1 command injection vulnerability in UniFi OS devices allows a network-adjacent attacker with high privileges to execute arbitrary commands on...
A CVSS 9.1 critical command injection vulnerability in Honeywell's Control Network Module web interface allows remote attackers to execute arbitrary...
Apache OFBiz versions before 24.09.06 contain a hard-coded cryptographic key vulnerability (CVSS 9.1) that allows attackers to forge authentication tokens...
GLPI versions 11.0.0 through 11.0.5 contain a server-side template injection vulnerability in the administrator interface that allows authenticated admins...