Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.