An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.