ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in OpenEXR before v2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in OpenEXR before 2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in OpenEXR before 2.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.