XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in HAProxy before 2.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.