Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A information disclosure vulnerability in the Broadcom wi-fi driver. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A information disclosure vulnerability in the Android media framework (audioflinger). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A information disclosure vulnerability in the N/A memory subsystem. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A information disclosure vulnerability in the Android media framework (n/a). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A information disclosure vulnerability in the Android media framework (n/a). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
A denial of service vulnerability in the Android runtime (android messenger). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in the Android media framework (libstagefright). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in the Android media framework (libstagefright). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in the Android media framework (libhevc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in the Android media framework (libavc). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
A denial of service vulnerability in the Android media framework (libskia). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.