Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 93.7%.
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21),. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.