Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on. Rated medium severity (CVSS 4.7). No vendor patch available.