The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.6%.
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.3%.
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature.". Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.