svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in KDE KMail before 19.12.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in GNOME Evolution before 3.35.91. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.