Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.