SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Bento4 1.5.1-628. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.