Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In setup wizard there is a bypass of some checks when wifi connection is skipped. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.