An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HCL Connections 6.5 is vulnerable to possible information leakage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.
An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An XSS issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.
An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Zammad 3.0 through 3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.