Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 33.7%.
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.