Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.5%.
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.