An issue was discovered in ShopNx through 2017-11-17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An issue was discovered in AKCMS 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.