Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.