Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.4% and no vendor patch available.
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.