In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.