Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.3%.
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 19.6%.
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available.
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. Public exploit code available.
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial of Service attack when the switch rejects to receive packets from the controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.