All CosmicBytez Labs articles tagged #CVSS 9.8, across news, security advisories, how-to guides, and projects.
A critical CVSS 9.8 remote code execution vulnerability in manga-image-translator allows unauthenticated attackers to execute arbitrary commands by...
A CVSS 9.8 flaw in the Goobi Viewer REST API lets unauthenticated clients inject Solr streaming expressions, enabling RCE on affected digital heritage platforms.
A critical authentication bypass vulnerability in NVIDIA Triton Inference Server could allow unauthenticated attackers to execute code, escalate...
The Boost plugin for WordPress versions up to 2.0.3 is vulnerable to PHP Object Injection via deserialization of the STYXKEY-BOOST_USER_LOCATION cookie,...
Apache Camel's JmsBinding class in camel-jms and camel-sjms deserializes incoming JMS ObjectMessage payloads via javax.jms.ObjectMessage.getObject()...
Apache MINA's AbstractIoBuffer.resolveClass() contains a branch for static classes and primitive types that skips allowlist validation entirely, letting...
KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...
A critical OS command injection vulnerability in radare2-mcp 1.6.0 and earlier allows remote attackers to execute arbitrary commands by bypassing the...
A critical OS command injection vulnerability in NewSoftOA by NewSoft allows unauthenticated local attackers to inject and execute arbitrary OS commands...
OpenOlat versions 10.5.4 through 20.2.4 fail to verify JWT signatures in their OpenID Connect implicit flow, allowing unauthenticated attackers to...
Oracle's March 2026 Critical Patch Update includes CVE-2026-21992, a CVSS 9.8 unauthenticated remote code execution vulnerability in Oracle Identity...