CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in the Linux kernel before 5.6.7. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in the Linux kernel before 5.6.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
An issue was found in Linux kernel before 5.5.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was found in Linux kernel before 5.5.4. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition,. Rated medium severity (CVSS 4.1).